Facebook lets users check if hacked

Thursday, 18 October, 2018

Facebook has now downgraded the number of people affected by the latest data breach from 50 million to 30 million and in further good news assured users that the hackers were unable to access sensitive data such as passwords or any financial information.

The attack is the worst-ever security breach in Facebook’s history when an unknown group of hackers were able to steal access tokens and take advantage of a flaw in the ‘View As’ feature.

But despite Facebook’s reassurances users should still be uneasy about the privacy of their accounts. Those details the hackers did access, such as gender, relationships, status and hometown are still extremely unnerving and valuable to the hackers.

To their credit Facebook has been quick off the mark in letting its two billion users check exactly what has been accessed. It will also provide guidance on how to spot suspicious emails or texts that might come from the hackers.

Facebook said they would be sending messages directly to those affected. And gave reassurances the problem has now been fixed and had logged out affected users to reset their digital keys.

The hackers did gain access to names, email addresses and phone numbers but Facebook identified 14 million users where the hackers gained much more.

Depressingly it transpired that it included pretty well anything on your account, including relationship status, religion, the last ten places you checked into or were tagged in and your websites, people or pages your follow and even your 15 most recent searches.

So far, Facebook has not given a breakdown of where users are, only saying the breach was ‘fairly broad’. But, the company did say it planned to send messages to people whose accounts were hacked.

While may commentators have thought the breach was similar to that which occurred at Yahoo, Facebook has not ruled out the possibility of further attacks from other nefarious parties that seek to exploit the vulnerability.

Facebook said the FBI, who are investigating the breach, has asked the company not to discuss who may be behind the attack. Although many believe it was more than likely to have been criminals rather than a state-sponsored attack.

Image: fra382.us

Tim Bamford author picture


Tim is a veteran freelance journalist writing extensively on internet news and cybersecurity.