Published March 22, 2018
Updated Sept. 28, 2018: Attackers stole information that could give them access to nearly 50 million Facebook accounts, the social network announced Friday. Facebook said hackers exploited the "View As" feature, which allows users to see what their profile looks like to other people, to steal login data. Facebook is resetting access tokens for another 40 million people, so altogether, 90 million people will have to log back into Facebook.
The company said it has fixed the vulnerability, notified police and turned off the "View As" feature.
These changes don't mean you shouldn't take steps to protect yourself in the wake of all the headlines. There are reasons to worry about social network breaches. Scammers can use information gleaned from social profiles to, for instance, answer the security questions protecting your bank account or commit identity theft. You can find tips for getting ahead of fraud in the wake of a hack here.
Fortunately, there are steps you can take on Facebook to protect yourself.
We asked Adam Levin, chairman and founder of CyberScout, an identity protection company, and author of "Swiped," for tips on how to protect your Facebook data.
Facebook allows you to control how apps use your information, Levin said. Go to Facebook settings, then apps. Here you can check the permissions you grant apps to access your information, including your friends list and email address.
Check each app's permissions. They can get extensive. For example, an app I installed, Bandsintown, has access to my profile, friends list, location, likes, email and songs I listened to in other music apps. Any app that uses your Facebook login will get access to some personal data, from Candy Crush (public profile, friends list, email) to Farm Heroes (profile, friends list, email) to Spotify (profile, friends list, birthday, hometown, email).
You can also remove apps that look suspicious or that you don't use and, under "Apps, Websites and Plugins," choose to disable your Facebook login for plugins, games and outside websites.
You can change your privacy settings to minimize how much information you expose to the world. Under privacy settings, you can control who sees your posts, who sees your friends list and whether people can find your profile using your email, phone number or a search engine. You can adjust the settings so only your friends can see your posts and only you can see your friends list.
Always be careful installing Facebook apps, Levin said. They may contain malware or misuse your data. If you do use apps, make sure they're from companies you trust.
Here's a potpourri of things you may want to shore up while you're in settings.
• Security and login: Make sure you're using a strong password and two-factor authentication to protect your account.
• Timeline and tagging: You may be careful about what you post on your own timeline, and you can control who sees that here, but your friends may not be as careful about what they post. These settings allow you to set who can see posts you're tagged in. You may also want to activate "review," which lets you check posts you're tagged in before they appear on your timeline.
• Blocking: Here's where you can get specific. Blocking allows you to control your individual interactions with people on Facebook. You can set whether specific people can see posts, invite you to join apps or attend events. You can also block apps and pages.
• Face recognition: If you don't want Facebook to LITERALLY RECOGNIZE YOUR FACE in photos or videos, turn this off. Go to settings, Face Recognition and say "no."
• Lock down your browser: There are several browser extensions that can protect your privacy while you're online. A big one is an ad blocker, which not only does what it says, but can help control where your data goes while you're browsing. Lifehacker has a good roundup of privacy extensions here.
Since the Cambridge Analytica news broke, many people have reconsidered whether they want to use Facebook at all. It's pretty easy to delete. You can just click here.
There are some caveats: You won't be able to reactivate your account after doing this. You won't be able to get anything you've uploaded either, so you may want to download a copy of your posts and photos first. (You're given this option when you go to delete your account.) It will also take up to 90 days, according to Facebook.
Even after that, your data will still probably be out there. Other people will still have pictures of you they've uploaded, or messages you sent them. It's tough to put the toothpaste back in the tube.
Europe has a "Right to be forgotten" that allows people to ask Google to remove their name from search results. We don't. Until then, users of services like Facebook can exert pressure on companies and regulators to better protect their private data, Levin said.
And we should all be more mindful of the information we put out there, Levin said.
"You have to be more alert," he said. "You have to understand the ramifications of what you post and where you post it."
We love being able to share pictures of our kids and update our friends about new cars or jobs, but all that information is the product social media networks sell. Cambridge Analytica may have broken some Facebook rule in obtaining your data, but Facebook already markets that data to advertisers to make money.
We all have to recognize that we are the product, Levin said, and take the proper precautions. If not, there are other, more analog ways to share, he said: "Get a journal."