Because Facebook is bad at security, 29 million users had their data stolen by hackers
Facebook has now confirmed that 29 million people had their personal information stolen.
No matter how much it tries to sugarcoat it, the most recent hack Facebook is experiencing right now is turning out to be much more destructive than once believed. In other words, it’s a complete shit show.
On Sept. 28, the social network announced that hackers had stolen security tokens associated with 50 million user profiles. At the time, Facebook forced those users and 40 million others to log back into their accounts.
Here’s how it happened
Facebook said hackers exploited the company’s systems through a flaw in the “View As” feature, which allows a user to view their profile as a friend, the public, or another third party.
By exploiting a vulnerability in the “View As” feature, the hackers were able to obtain users’ access tokens. These access tokens are basically digital keys that keep apps and Facebook connected, so users don’t have to log into Facebook every time they access the site.
When Facebook began its investigation, it suggested that actual user information wasn’t taken, only the token. Unfortunately, that doesn’t appear to be the case.
Oh, it gets worse
In today’s update about the issue, Facebook says 30 million users had their tokens stolen, not 50 million. Unfortunately, it now appears that this was a malicious attack. As such, 15 million Facebook users had their name and contact details compromised, while 14 million had that information stolen plus other details found on their profiles.
This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.
Seriously, folks, this is bad. Like, really really bad.
Ryan Mac, a senior reporter for BuzzFeed News, made a really great point about this whole thing and why Facebook shouldn’t be trusted. In a tweet posted to Twitter on Friday, he points out, “Facebook is trying to spin this by saying that it’s actually 30 million people, not 50 million people affected. But given the amount of contact/personal information that was accessed, this is much worse than anyone first thought.”
The last bit is a doozy. If a hacker has access to your contact/personal information, it’s pretty safe to say the things they can do with this information are virtually endless. I mean, think about it, they were able to hack Facebook, so yea.
To give you an idea of the kind of contact/personal information these hackers have access to, check out the follow-up tweet Mac posted to Twitter:
Want to get an idea of how inconvenient this could be for the 14 million people affected by this data breach? Quartz’s deputy tech editor Mike Murphy was one of the unfortunate victims and recently posted to Twitter about what he’s dealing with right now.
yeah — hackers now have my email address and phone number, which means 2FA security is screwed for me on sites/apps that only offer texting as a 2FA option https://t.co/PCMYp5u7Tg
— Mike Murphy (@mcwm) October 12, 2018
How to check if your Facebook account was impacted by this security issue
Facebook has published a special page online where you can see whether your personal information was hacked. You must be logged into your Facebook account to see this information.
Obviously, this is bad news for those affected. Hopefully, more information about the hack will be forthcoming.
Editor’s note: This post has been updated with tweets that reflect further analysis on this matter.
Were you affected by the Facebook hack? Do you still plan on using Facebook after this news? Let us know below.