by Martin Brinkmann on October 14, 2018
Last month’s Facebook hack affected about 50 million Facebook accounts according to Facebook’s official announcement on September 28, 2018.
Hackers exploited a series of bugs in Facebook’s “View as” function that allows users of the site to view their profiles as public users. The function is handy because it shows users what regular visitors to the profile page see, so that they can adjust the visibility of information accordingly.
The hackers gained access to “access tokens”, which Facebook, like other authentication systems, uses to determine whether the user is allowed to access certain content on the site.
That meant that the hackers did not gain access to user passwords and that it was trivial to shut them out.
Facebook disabled the feature after the hack and invalidated the method used by the hackers to gain access to account data.
The company updated the information that it revealed about the hack. Here is a quick summary of the updated findings based on Facebook’s investigation of the incident:
- The hackers already controlled a number of accounts on Facebook and used an automated technique to steal access tokens of friends, friends of friends, and so on. About 400,000 accounts were affected by this, and the attackers managed to gain access to account-related data including posts on timelines, lists of friends, group memberships, and names of recent Messenger conversations.
- The attackers used some of the accounts to expand the hack and steal about 30 million access tokens from Facebook users.
- For 15 million hacked accounts, name and contact details were accessed.
- For 14 million hacked accounts, additional information such as username, gender, religion, relationship status, and other profile-related information was accessed as well.
- For 1 million hacked accounts, no information was retrieved.
Facebook users who would like to know whether their account was affected by the hack can visit the Security Notice page on Facebook to find out.
Just open the page and scroll down to the “Is my Facebook account impacted by this security issue?” section. Users not affected should see the following paragraph on the page:
Based on what we’ve learned so far, your Facebook account has not been impacted by this security incident. If we find more Facebook accounts were impacted, we will reset their access tokens and notify those accounts.
Closing Words
Facebook users may want to check the security notice page to find out if their account was affected by the hack. (via Deskmodder)