Facebook - Hackers Saw Personal Info of 14 Million People

Doris Richards
October 18, 2018

Facebook have confirmed that attackers used access tokens to gain unauthorised access to account information from approximately 30 million Facebook accounts.

However, the company noted that the attack was limited to Facebook and its other platforms like Messenger, WhatsApp, Oculus and payments among others are safe.

The hackers began with a set of accounts they controlled, then used an automated process to access the digital keys for accounts that were "friends" with the accounts they had already compromised.

While the news is better than it was, both in terms of the number of users affected and confirmation from Facebook that third-party services using Facebook as an authentication system were not affected as had previously been feared, a 30 million strong breach is still bad news - and it has occurred in the era of the General Data Protection Regulation (GDPR), which allows for hefty fines against companies who should have taken better care of user data.

What happened: Facebook said the Federal Bureau of Investigation is now investigating the hack. It said it had been "working around the clock to investigate the security issue".

Facebook came under severe scrutiny in March after the Cambridge Analytica scandal, which affected 87 million users.

All you have to do to figure out if you've been hacked is visit this page on the Facebook Help Center and scroll to the bottom. Of the 30 million accounts hacked, at least 14 million of them had a substantial amount of personal information compromised.

Facebook now says that only 29 million accounts were affected but, even two weeks later, it is still not one hundred percent clear how the hackers did it. "We'll be explaining what information the attackers may have accessed as well as steps they can take to help protect themselves from any suspicious emails or text messages or calls that could potentially result from this kind of information being exposed".

Nearly 30 million Facebook users' phone numbers and email addresses were accessed by hackers in the biggest security breach in the company's history, Facebook said on Friday.

"For 14 million people, the attackers accessed the same two sets of information, as well as other details people had on their profiles".

Facebook has said it will directly contact people who were affected by the hack.

The attackers exploited a vulnerability in Facebook's code that existed between July 2017 and September 2018.

"Tens of millions of people impacted by the Facebook data breach are likely to find that they have now become intertwined in systematic phishing campaigns that will persistently target them and the organizations they work for for a long time", Oren Falkowitz, CEO of security firm Area 1 Security, said in an email.

Thomas Rid, a professor at the Johns Hopkins University, also said the evidence, particularly the size of the breach, seems to point to a criminal motive rather than a sophisticated state operation, which usually targets fewer people.

Facebook's vice president of prodcut management Guy Rosen revealed more details about the hack in a blog post today.

"This doesn't sound very targeted at all", he said.

Other reports by Iphone Fresh

Discuss This Article