What happened on Facebook?

On the afternoon of Tuesday 25 September, Facebook's engineering team discovered a security issue. The team fixed the vulnerability and took the precautionary step of resetting the access tokens of anyone who might have been affected.

Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don't need to re-enter their password every time they use the app.

What does this mean for Workplace?

What does this mean for Workplace?

For most Workplace accounts, nothing. Workplace is set up differently to Facebook, and most accounts don't use the access tokens that could have been affected by this vulnerability.

However, during the beta phase of Workplace, prior to the summer of 2016, Workplace included a feature that allowed people to link their personal Facebook and Workplace accounts. Linked accounts from this period could have been affected by this issue.

All of those accounts were protected when we reset affected access tokens last week.

If you joined Workplace after summer 2016, your Workplace account was not affected.

If you joined before summer 2016 and chose to link your accounts, but then enabled single sign-on, your Workplace account was not affected.

If you joined before summer 2016, linked your personal Facebook and Workplace accounts, have not enabled single sign-on and had your access tokens reset in connection with this issue, it is possible that your Workplace account could also have been affected, but it has now been protected.

Let's stay connected

Get the latest news and insights from the front line of work.

By submitting this form, you agree to receive marketing-related electronic communications from Facebook, including news, events, updates and promotional emails. You may withdraw your consent and unsubscribe from such emails at any time. You also acknowledge that you have read and agree to the Workplace Privacy Terms.

I'm a customer – what should I do next?

I'm a customer – what should I do next?

No further action needs to be taken by Workplace customers.

Your security remains our top priority, which is why our compliance certificates include ISO 27001, SOC2, SOC3 and the EU/US Privacy Shield.

For the latest information, view the official Facebook Newsroom post. If you're a customer with more questions, please contact our Customer Support team.

Was this article helpful?
Thanks for your feedback

Recent posts

Business communication | 10-minute read

Why ADP and Workplace are better together

The Workplace and ADP integration is boosting productivity by providing convenient access to your HR and pay information. We talk to Ari Osur, VP Marketing, ADP Ventures to find out more.

Business communication | 10-minute read

Using Workplace groups to take control of collaboration

Create a private space to discuss projects, manage information and securely share documents with people and teams.