Facebook says recent data breach wasn't 'related to the midterms'

Ann Santiago
October 14, 2018

In a conference call today, Facebook's Guy Rosen said that the company was working with the Federal Bureau of Investigation, but had been advised not to comment on who the perpetrators might be.

When Facebook recently confirmed that a major hack had accessed the platform, it said that upwards of 50 million accounts were affected by the security breach. Of that total, 1 million people did not have any information accessed, while 15 million people had their name and contact details (phone number, email, or both, depending on what people had on their profiles) accessed.

Facebook says the attack didn't impact Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts.

Facebook will notify the 30 million people affected with customized messages to tell them exactly what the attackers accessed from their accounts.

The hackers had used access tokens to get into the accounts between September 14-27, which have since been invalidated, Facebook said.

Wondering whether you are one of the 29 million Facebook users who had their personal details - including location and search history - stolen by hackers?

"Within two days, we closed the vulnerability, stopped the attack, and secured people's accounts by restoring the access tokens for people who were potentially exposed", Facebook said.

Facebook has also established a Web page that will inform users who are logged in whether their accounts were affected.

Turn on two-factor authentication whenever you can, but especially on your most sensitive or valuable accounts. The hack involved the "view as" feature that allows users to see how their account profiles look to others.

Last month, Facebook reset the tokens of almost 50 million accounts that it believed were affected and, as a precaution, also reset the tokens for another 40 million accounts that had used "View As" in the past year.

First, attackers exploited a vulnerability in the site's code that apparently resulted from three separate bugs, from July 2017 to September 2018.

Now, Facebook has released an update on the breach investigation revealing the true number of users affected by the hack.

Additionally, Facebook advises people to be wary of unwanted phone calls, text messages and emails.

Rosen says the attackers did not access any credit card information associated with members' accounts, and that the company has not received any reports of stolen information being available on the dark web - portions of the internet requiring special software to reach.

In a way, this is good news, given that when Facebook previously said it thought as many as 50 million users had been affected.

You can check the complete details of data stolen during this massive security breach by heading over to this link.

Once they had keys to accounts, hackers had the ability to get into them and control them as though they were the real owner.

Patrick Moorhead, founder of Moor Insights & Strategy, said the breach appeared similar to identity theft breaches that have occurred at companies including Yahoo and Target in 2013.

Other reports by

Discuss This Article