Facebook says the security breach that rattled users last month impacted fewer people than initially believed. The number is still in the millions, but it is down to 30 million from the 50 million users originally expected to be impacted.
In a post earlier today, the company said that the attackers exploited a vulnerability in Facebook’s code that existed between July 2017 and September 2018. This vulnerability in the code of View As (a feature that lets users see how their profile looks to a specific set of people) enabled hackers to get access to the digital tokens used to log into millions of user accounts.
It allowed attackers to steal Facebook access tokens, which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.
Facebook: Time for some more bad news
In the world of Facebook, that number is actually good news, considering it’s usually the other way around: we are given a number, and then investigations discover that even more people were impacted than originally reported.
But the real bad news is that the attackers did get access to personal user data of millions of users. This data includes but is not limited to:
- Name
- Contact info, including phone numbers and emails
- Gender
- Language
- Relationship status
- Religion
- Hometown
- Self-reported current city
- Birthdate
- Device types used to access Facebook
- Education
- Work
- Last 10 places they checked into or were tagged in
- People or Pages they follow
- 15 most recent searches
While any kind of personal information has to be kept private and secure, the social networking giant is potentially going to deal with a lot more issues because it keeps tabs on location and search history and secured that data in a way that let a vulnerability expose it to hackers too.
Facebook says that for 1 million of the 30 million impacted users, the attackers did not access any information. The FBI is currently investigating the attack.
– For more details, head over to the company blog post.