Facebook says hackers accessed highly-detailed personal data of 15 million users

Dwayne Harmon
October 15, 2018

The social network said in late September that hackers stole digital login codes allowing them to take over almost 50 million user accounts in its worst security breach ever, but did not confirm if information had actually been stolen. While they procured access tokens for another one million Facebook users, the hackers did not steal any data in this case.

Today, Facebook said hackers accessed names, email addresses or phone numbers from these accounts. While Russian agents had used Facebook and other social media to incite conflict before the 2016 election, domestic sources of false or misleading posts have jumped into the fray, the company said.

For another 14 million people affected by the hack, Facebook believes that attackers obtained that same information, as well as additional details like gender, relationship status, religion, birthdates, the last 10 places they checked into, their 15 most recent searches, and the type of device they use to access Facebook.

That feature allows users to check privacy settings by glimpsing what their profile looks like to others. "Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don't need to re-enter their password every time they use the app," Rosen said.

The social network apologized for the incident in a statement, explained the measures it was taking to protect possibly affected users and said law enforcement authorities had been alerted.

Facebook Vice President Guy Rosen said in a Friday call with reporters that the company hasn't ruled out the possibility that other parties might have launched other, smaller-scale efforts to exploit the same vulnerability before it was disabled. In short, it allowed hackers to generate tokens that allow access to user profiles. "It's not that their motivation is to attack Facebook, but to use Facebook as a lily pad to conduct other attacks." They then used the same vulnerability over and over again until they gathered tokens for around 400,000 accounts, which Rosen referred to as "seed accounts".


Facebook has also established a Web page at facebook.com/help/securitynotice?ref=sec that will inform its 2 billion users who are logged in whether their accounts were affected.

Within two days after Facebook determined this was actually an attack, it closed the vulnerability, stopped the attack, and secured people's accounts by resetting the access tokens for people who were potentially exposed.

The company had initially said 50m accounts were affected but has now revised the figure to "only" 30 million. Facebook Messenger was also unaffected.

Facebook data breach: Here is how to find out if your data was stolen and what to do.

The attack did not affect Facebook-owned Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps or advertising or developer accounts, the company said. He said that although the attackers would have had the ability to view private messages or post on someone's account, there were no signs that they did either of those things.
