Hackers accessed intimate information of 14 million Facebook users

Lloyd Doyle
October 13, 2018

Facebook didn't respond to a request for comment, and Rosen declined to provide specific details on the attackers because the FBI is investigating the breach.

In a blog post Friday, Facebook said the 30 million users had their access tokens (digital keys that keep people logged into the social-media site) stolen when hackers "exploited a vulnerability" in the company's computer code between July 2017 and September 2018.

The attackers then used some of those 400,000 accounts to steal the access tokens from a total of 30 million users.

The company has a website its 2 billion global users can use to check if their accounts have been accessed, and if so, exactly what information was stolen. Facebook said on Friday that, "We now know that fewer people were impacted than we originally thought", and said that 30 million people had been impacted.

The attackers used the "view as" flaw with "a small handful" of accounts they controlled to capture data of their Facebook friends, then used a tool they developed to breach friends of friends and beyond, Rosen said.

In a statement, the Data Protection Commission described the update as "significant", as it confirmed that the personal details of millions of Facebook users were accessed by hackers. For 14 million of them, hackers got even more data - basically anything viewable on your account that any of your friends could see, and more.

Rosen says the attackers did not access any credit card information associated with members' accounts, and that the company has not received any reports of stolen information being available on the dark web - portions of the internet requiring special software to reach.

The breach came about after hackers stole "access tokens", which allow users to browse Facebook without having to log in multiple times.


The breach could have affected pages from political and self-help groups as well as businesses that won't like the idea of others accessing their messages. Facebook also confirmed the Federal Bureau of Investigation is involved, but said the agency has told it "not to discuss who may be behind this attack".

Facebook patched the issue last month and asked 90 million users to log back into their accounts, many just as a precaution.

"For 1 million people, the attackers did not access any information", Rosen said.

The attack prompted Facebook to take the unprecedented step of logging out the 50 million users whose accounts were exposed and logging out another 40 million users as a precautionary measure.

On September 25, the trend was identified as an attack, prompting programmers to close the vulnerability, which happened within two days, the tech chief said.

And while the larger ramifications of the breach, announced two weeks ago, are as of yet not fully understood, Facebook claims it has a decent grasp on one important detail: Whether or not you are one of the victims.

Facebook is working alongside the FBI, and according to remarks by Vice President of Product Management Guy Rosen, the agency's investigation appears to be ongoing.
