Facebook hack compromises 30 million profiles
October 22, 2018, 1:04 pm

A flaw in Facebook’s ‘view as’ feature allowed a group of hackers to gain unauthorized access to millions of accounts in September. Last week, the company released a statement on exactly what data was accessed by the hackers as part of the breach.

According to the statement, hackers stole the access tokens of 30 million users, which allowed them to gain complete access to the profiles of those users. Of those 30 million, the hackers accessed basic contact information (name and either email or phone number) for 14 million accounts, and additional information including gender, religion, location, device information, and the 15 most recent searches for another 15 million accounts. No information was accessed for the remaining one million accounts.

As has become the staple response after such security breaches, the Vice-President of Product Management at Facebook, Guy Rosen, told reporters: “We take these incidents really, really seriously.” He also disclosed that the FBI was actively investigating the hack, but declined to give further details, saying the bureau had “asked us not to discuss who may be behind this attack.”

Facebook has pledged to notify all 30 million users through the Help Center in the coming days. Crucially, Facebook said no data was taken from third-party apps linked to the accounts, including Facebook products like Instagram, Messenger and WhatsApp. At the same time, there may have been smaller but more invasive attacks during the same period that have yet to be uncovered by Facebook’s investigation. There is also no indication that the hackers posted any content while logged in.

The statement also gives new detail on the timeline of the attack. The first spike of activity registered on 14 September, but it was only 11 days later that Facebook identified the activity as a malicious attack. The vulnerability was closed two days later and reported to users and privacy officials in accordance with breach disclosure laws.

Facebook is offering a way to see whether your account was broken into and what information was seen. If you visit Facebook’s Help Center, a notice at the bottom will explain whether your account was affected. If it was, it will state what information was taken.

If your account was accessed, Facebook says you do not have to do anything to secure it at this point. Passwords were not stolen, so you do not need to change yours. Instead, the hackers took account access ‘tokens’ that let them log in. Facebook reset those tokens last month, which is why you might have found yourself logged out of your account one day in late September.

For now, it is not clear what, if anything, there is for users to do about the fact that the private information they entrusted to a company has once again been accessed by hackers.

Of course, if you are fed up with the constant privacy issues, there is one thing you can do to make sure you are safe in the future — quit Facebook.
