Facebook Says Hackers Accessed Data of 29mn Users

Facebook Says Hackers Accessed Data of 29mn Users

Facebook Says Hackers Accessed Data of 29mn Users

The social network said in late September that hackers stole digital login codes allowing them to take over almost 50 million user accounts in its worst security breach ever, but did not confirm if information had actually been stolen. Before we get too deep into the weeds of how Facebook says the attack happened and what it's doing about it now, here's how to tell if you're one of the 30 million or so people affected.

The new details come two weeks after Facebook first announced that attackers had access to 50 million users' accounts - meaning they could have logged in as those users. For those 400,000, the attackers could see what the users see as they look at their own profiles.

Access tokens work as digital keys, letting those who hold them log into Facebook accounts without entering a password.

However, unlike other major hacks involving big companies, Facebook said it had no plans to provide protection services for concerned users.

Cyberattackers accessed that data plus additional information including gender, religion, hometown, birth date, and places they had recently "checked in" to as visiting, according to Facebook.

In addition, affected users will receive messages in the coming days with details on what information may have been accessed, as well as steps to take to protect themselves.

Rosen said Facebook is cooperating with the ongoing FBI investigation into the breach, but would not give any details on who the hackers were or where they were based.

So far, Facebook said it hasn't seen the information appear anywhere else online, but the company continues to investigate the incident with the Federal Bureau of Investigation. There had been concerns about whether hackers could access outside apps that use Facebook login credentials, but that turns out not to have been the case.

Facebook declined to say whether stealing identities, or anything else, was the motive for the attack.

So they accessed 400,000 accounts using the vulnerability in the View As feature. Facebook will also send messages directly to those people affected by the hack. The commission, which is the European Union's lead regulator for privacy matters, said in early October it would investigate the data breach to determine if Facebook violated the EU's General Data Protection Regulation, or GDPR, privacy laws.

But a trio of errors in Facebook's software enabled someone accessing the feature to post and browse from Facebook accounts of other users.

Facebook said last month that it detected the attack when it noticed an uptick in user activity. The attack began on September 14, but Facebook only realized it was a threat by September 25. Facebook says hackers did not gain access to financial information, such as credit card numbers.

This was clearly an intentional, malicious theft of user data from Facebook, and some of that data is very granular. The company said the actual content of the messages was not revealed unless "a person in this group was a Page admin whose Page had received a message from someone on Facebook, the content of that message was available to the attackers".

Related news