New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Hackers Accessed Data From 29 Million Facebook Users

Two weeks ago, Facebook announced that it discovered a security breach allowing hackers to steal Facebook data from millions of accounts, and today, Facebook shared further data on just what was accessed.

To get the Facebook data, hackers took advantage of a security flaw in the social network's "View As" code, a feature designed to let people see what their profile looks like to someone else. The Facebook access tokens that hackers were able to obtain are basically digital keys that allow people to stay logged in to Facebook.


According to Facebook, hackers used a set of accounts that they controlled that were connected to Facebook friends. An automated technique was used to move from account to account, allowing them to collect access tokens in September 2018.

Hackers were able to obtain timeline posts, friend lists, groups, and the names of recent Messenger conversations from an initial 400,000 people. People in this group who were Page admins of a Page that had received a message from someone on Facebook had the content of their messages stolen.

After stealing data from the 400,000 people attacked first, Facebook used their friends list to steal access tokens for approximately 30 million people.

For 15 million people, attackers were able to access name and contact details that include phone number and email address.

For 14 million people, hackers were able to access the same information as well as other data that includes username, gender, location, relationship status, religion, hometown, current city, birthdate, device types used to access Facebook, education, work, the last 10 places where they checked in, websites, people, Pages they follow, and 15 most recent searches.

An additional 1 million people had their access tokens stolen but no information was obtained.

According to Facebook, people can find out whether or not they were affected through the Facebook Help Center. Over the "coming days," Facebook plans to send customized messages to the 30 million people who were affected to explain what information hackers might have obtained.

The FBI is investigating the attack and Facebook has been asked "not to discuss who may be behind [the] attack."



Top Rated Comments

(View all)

5 days ago at 11:19 am
And people looked at me crazy when I say I never had a FB account..
Rating: 26 Votes
5 days ago at 11:21 am
I'm not sure it's useful to differentiate between hackers stealing your personal data vs Facebook willingly selling it to others. The net effect is the same.
Rating: 18 Votes
5 days ago at 11:18 am
This is like the guy that sat on the toilet at 11:59 pm and got off at 12:01 am....Same S*** Different Day.
Rating: 18 Votes
5 days ago at 11:34 am

The FBI is investigating the attack and Facebook has been asked "not to discuss who may be behind [the] attack.

It's the Russians.

Blaming everything on Russians is the wrong way forward.
Rating: 13 Votes
5 days ago at 11:20 am
Are you #2cool4facebook? Let us know below because we are extremely interested.
Rating: 11 Votes
5 days ago at 11:39 am

The FBI is investigating the attack and Facebook has been asked "not to discuss who may be behind [the] attack.

It's the Russians.

Or China, or North Korea, or Iran.

Glad I deleted my account in 2016.
Rating: 10 Votes
5 days ago at 11:20 am
Let’s see how long it takes this number to balloon to over 100 million.
Rating: 8 Votes
5 days ago at 11:16 am
This is the new Yahoo..
Rating: 8 Votes
5 days ago at 11:45 am

It's astounding that people are so willing to give so much personal data to a company.

This 1000%..

People need to realize that everytime you check or submit info to these sites; you are pretty much walking into a store and giving whoever is behind the counter your personal information in return for use of their services.

Just imagine walking into a store and the person behind the counter saying; Hi, in order to proceed, please let me know your gender, relationship status and whom you're involved with, your closest circle of friends, interests, political interests, religion, location data, your career field, your employer, and also please submit photos of yourself, pets, friends, and family in order to proceed.

What would you do? How would that make you feel?
Rating: 8 Votes
5 days ago at 11:40 am
It's astounding that people are so willing to give so much personal data to a company.
Rating: 8 Votes

[ Read All Comments ]