Facebook’s security flaws exposed more than Facebook — here’s what (little) you can do
Security researchers are warning users to be on alert for suspicious activity — on and off Facebook
From NBC News:
by Jason Abbruzzese, Ben Popken and David Ingram
SAN FRANCISCO — The security issue Facebook announced on Friday has alarmed researchers who say attackers collected information that not only gave access to sensitive information on Facebook, but also could be used to access many websites that use the social network’s “Login with Facebook” function.
Facebook revealed that unnamed attackers were able to exploit a series of flaws to collect “access tokens” for 50 million accounts. Those tokens, Facebook said, would allow attackers to take over profiles and theoretically access any information therein. It has not announced how many of those 50 million accounts were accessed or what, if any, information was taken since the account tokens were first exposed 14 months ago.
But security researchers are warning users to be on alert for suspicious activity — on and off Facebook.
The tokens could have been used to create or access accounts with companies that use Facebook’s “Login with Facebook” function, which allows people to sign up for various websites and services with their Facebook profiles.
Jason Polakis, an assistant professor of computer science at the University of Illinois at Chicago, said Facebook users should check their connected apps for any accounts they had not signed up for.
- Go to Facebook and click on the arrow in the top right.
- Click on “Settings” and then on “Apps and Websites.”
- The companies listed there are the ones you have logged in to using your Facebook account. If you see any companies you do not recognize, you should report them to Facebook.
- For companies where you did use Facebook’s single sign-on, go to those accounts to see whether anything has changed or whether there has been any recent suspicious activity.
- Keep an eye out for any suspicious activity such as emails from companies that you have not signed up for.