Facebook hackers stole numbers, emails, location of 30 million people
Days after revealing a major data breach, social media giant Facebook has finally confirmed the information hackers stole during the attack - and it's pretty scary. The company, which initially said 50 million users were affected in the breach, stated nearly 30 million of those actually had their data compromised. This included their names, numbers, emails, locations, among others. Here's more.
30 million accounts breached, 29 million accessed
After leading a two-week-long investigation, Facebook gained insight into how hackers compromised millions of accounts using a vulnerability in one of its features. The findings revealed they breached 30 million user accounts and accessed information from nearly all of them. Specifically, just one million accounts involved in the attacked were spared by the hackers, Facebook revealed on October 12.
What kind of information was stolen?
Hackers gained access to information ranging from phone numbers and emails to personally identifying information like name, gender, birthdate, religion, language, education, work, and location - hometown, current city, and last 10 checked or tagged-in places. Nearly 14 million of the affected accounts had all this information compromised, while the rest 15 million only had their contact information (email and numbers) accessed.
Log-in information, search history also accessed
Along with personal information, hackers also accessed information detailing what devices these 14 million people used to log into Facebook, the pages or people they followed, and their 15 most recent searches on the platform.
But, how they carried an attack on such a scale?
Initially, Facebook said hackers exploited a vulnerability in its 'View As' feature to steal access tokens or digital keys to breach accounts. Now, giving more insight, the social network revealed an automated technique was used to steal the tokens. The hackers first stole tokens from their friends, then from their friends, and kept moving from account to account to steal tokens from 400,000 accounts.
400,000 accounts became the source of breach
Once the hackers had access tokens for 400,000 accounts, they got access to their profiles and the content they had, including posts, friend lists, groups they had joined. Though message content wasn't revealed in the process, the hackers were able to use the friend lists of these users to scale up the attack and target as many as 30 million people.
Is there a possibility of data misuse?
Sure, there is. Facebook hasn't said anything if this data has been misused, but contact, as well as personal information, can easily be sold for the purpose of targeted advertising. In fact, we've already seen some account listings from this breach on popular dark web marketplaces. Not to mention, such information can even be used to blackmail and extort money from people.
There's a way to check if your account was impacted
While all the accounts involved in the breach were logged-out due to Facebook's precautionary measure of resetting access tokens, you can even check now if your account was impacted. Just visit this page: https://www.facebook.com/help/securitynotice?ref=sec, and scroll to the bottom.
What Facebook is doing on its part?
On its part, Facebook is working with the authorities to investigate the breach and determine all other ways the hackers may have used Facebook. The company has said Instagram, WhatsApp, and all other services and apps connected with Facebook were not affected in the breach. However, they're still looking at the possibility of smaller-scale attacks. It will even update users individually in coming days.