Published: Sat, October 13, 2018
Economy | By

Facebook says attackers stole details from 29 million users

Facebook says attackers stole details from 29 million users

Facebook says the FBI is investigating a major security breach of its service, but the company says authorities asked it not to discuss who may be behind the attack.

Facebook Inc.'s major hack, announced two weeks ago, affected 30 million people, not 50 million as originally feared.

For 400,000 of the accounts, which these attackers used to seed the process of gathering login tokens, personal information, such as "posts on their timelines, their lists of friends, Groups they are members of, and the names of recent Messenger conversations" and, in one instance, actual message content, were compromised.

The good news is this attack was just restricted to Facebook and didn't affect any other services including Instagram, WhatsApp, Messager Kids, etc.

Regulators around the world have ongoing inquiries into another matter that came to light in March: How profile details from 87 million Facebook users were improperly accessed by political data firm Cambridge Analytica.

No data was accessed in the accounts of the remaining one million people whose "access tokens" were stolen, according to Rosen. And for 14 million more people, the hackers were able to get a lot more information, like username, gender, relationship status, religious, birthday, and a ton of other information including things you've searched for.

Facebook isn't giving a breakdown of where the users are located, but said the breach was "fairly broad". "The calculations of the potential fines under GDPR are a bit mind-boggling with any possible impact to millions of users".

Upon request from the FBI, Facebook declined to offer any information as to who might be behind the attack, or whether users in specific regions were targeted.


The hackers had used access tokens to get into the accounts between September 14-27, which have since been invalidated, Facebook said.

Rosen said they found no reason yet to believe hackers were in interested in people's information, rather that it appeared the mission was to harvest access tokens from friends associated with breached accounts.

Users can check to see if they were affected by the hack by visiting Facebook's help center.

Facebook said the Federal Bureau of Investigation had requested it did not discuss who may be responsible for the attack, which was first revealed last week.

The vulnerability the hackers exploited existed from July 2017 through late last month, when Facebook noticed an unusual increase in use of its "view as" feature.

Access tokens work as digital keys, letting those who hold them log into Facebook accounts without entering a password.

Facebook identified a spike in the activity of September 14, 2018, which led them to launch an internal investigation.

Like this: