Connect with us

Data Breach

It looks like the latest Facebook hack was caused by spammers trying to make a quick buck

Turns out it wasn’t a foreign nation-state behind the attack.

facebook breach hack spammers
Image: Unsplash

Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.

Facebook has determined scammers are behind the latest hack that exposed personal data for 30 million users. The preliminary findings show the hackers weren’t affiliated with a nation-state and their goals were financial, not ideological, according to a report from The Wall Street Journal.

During its ongoing investigation, the social network found the people behind the attack are a group of scammers that present themselves as a digital marketing company. Facebook said it was working closely with the Federal Bureau of Investigation (FBI) on the probe.

It seems these spammers were using the information to deliver spammy and deceptive ads to users.

What happened?

On Sept. 28, Facebook announced that hackers had stolen security tokens associated with 50 million user profiles. At the time, the company forced those users and 40 million others to log back into their accounts.

Facebook said hackers exploited the company’s systems through a flaw in the “View As” feature, which allows a user to view their profile as a friend, the public, or another third party. Here is CBS News‘ original report on the subject.

By using a vulnerability in the “View As” feature, the hackers were able to access user tokens. These access tokens act as digital keys that open the door for apps and Facebook to connect and keep users from having to log into Facebook every time they access the site.

Facebook doubled back on what was stolen

When Facebook began its investigation, it said actual user information probably wasn’t taken, only the token. Unfortunately, that wasn’t correct.

Last week, Facebook admitted 30 million users had their tokens stolen, not 50 million. Unfortunately, 29 million of those had personal information compromised.

Of those, 15 million Facebook users had their name and contact details compromised, while 14 million had that information stolen plus other details found on their profiles.

This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.

Where this goes from here is anyone’s guess. Publicly, Facebook has yet to share the details about who was behind the attack citing its cooperation with the FBI.

“They’re actively investigating this with us and they’ve asked us not to discuss who may be behind this attack or what their intentions could be,” said Facebook’s Guy Rosen.

I think for the average Facebook user, it doesn’t matter who stole information through this hack just that it happened. Hopefully, the company learns from this and beefs up its security moving forward.

Does the Facebook hack make you less likely to use the service? You know what to do below. 

Editors’ Recommendations:

Follow us on Flipboard, Google News, or Apple News

Bryan considers himself a well-rounded techie, having written articles for MakeUseOf, KnowTechie, AppAdvice, iDownload Blog. When he's not writing, he's being a single dad and rooting for his alma mater, Penn State, or cheering on the Patriots.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in Data Breach