Hackers stole personal data from 29 million Facebook users in a recent hack, including information like phone numbers, emails, gender, hometowns and even relationship data.
Facebook said Friday that hackers accessed personal data of 29M users in a breach at the world’s leading social network disclosed late last month. An additional 1 million accounts were affected, but hackers didn’t get any information from them. Originally Facebook said 50 million accounts were affected, but that it didn’t know if they had been misused.
All of Facebook’s 2 billion global users can check on Facebook’s site whether their accounts have been accessed and, if so, exactly what information was stolen. The site will also provide guidance on how to spot and deal with suspicious emails or texts. Facebook will also send messages directly to those people affected by the hack.
Vulnerability in the Facebook code:
Facebook said engineers discovered a breach on September 25 and had it patched two days later.
That breach allegedly related to a “view as” feature—described as a privacy tool to let users see how their profiles look to other people. That function has been disabled for the time being as a precaution.
Facebook reset the 50 million accounts believed to have been affected, meaning users would need to sign back in using passwords.
The breach was the latest privacy embarrassment for Facebook, which earlier this year acknowledged that tens of millions of users had their personal data hijacked by Cambridge Analytica, a political firm working for Donald Trump in 2016.
FBI investigates Facebook’s data breach
Facebook says the FBI has asked it not to reveal who might be behind a hack that affected 30 million users.
Facebook said the FBI is investigating, but asked the company not to discuss who may be behind the attack. The company said it hasn’t ruled out the possibility of smaller-scale attacks that used the same vulnerability.
Separately, Facebook said Thursday it had disabled dozens of accounts and profiles linked to Russian data firm SocialDataHub for unauthorized data collection, Reuters reports.
Facebook breach: today’s update from Facebook is significant now that it is confirmed that the data of millions of users was taken by the perpetrators of the attack. @DPCIreland’s investigation into the breach and Facebook’s compliance with its obligations under #GDPR continues https://t.co/ots8MZV3bt
— Data Protection Commission Ireland (@DPCIreland) October 12, 2018
Patrick Moorhead, founder of Moor Insights & Strategy, said the breach appeared similar to identity theft breaches that have occurred at companies including Yahoo and Target in 2013.
“View As” functionality shut down
Facebook won’t say who’s behind the latest security breach, the worst hack ever that has exposed serious flaws in the platform.
For the time being, Facebook also shut down the “View As” functionality, which allowed users to see how their profiles appeared to other accounts. Facebook confirmed that the attack did not affect Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts.
If you’ve been affected by this attack, this is the wealth of personal information the attackers accessed. For 14 million people, they grabbed profile data, including:
- device types
- the most recent 10 places they were tagged in or checked themselves into
- 15 most recent searches
- contact information including email addresses and phone numbers
For another 15 million, they accessed only names and contact information.
Users can check on Facebook’s site to see what information was stolen, if any, from their accounts. The company advises affected users to watch out for scammy emails or phone calls potentially using the information obtained from Facebook.