Facebook data breach: What happened, who is affected

Facebook on Friday admitted that hackers leaked the data of at least 30 million users around the world. Guy Rosen, Vice-President of Product Management, said that the attackers exploited a vulnerability in Facebook’s code that existed between July 2017 and September 2018.

Earlier, Facebook reported it had learnt of a data breach concerning at least 50 million people. On Friday, the company said that, after the investigation, it discovered only 30 million accounts were affected.


How did it happen?

In the statement, Rosen revealed that the attackers stole Facebook access tokens by exploiting a bug in the 'View As' feature, which lets users view their profile as someone else. An access token allows a user to stay logged in without entering the password every time they access the app.

The hackers selected users and developed an automated technique to move through different accounts, from friends to friends of those friends. It helped them reach about 400,000 people. Then the hackers stole the access tokens of friends of these 400,000 users, totalling 30 million people.


What was leaked?

Facebook revealed the attackers stole significant data of 14 million people, including name and contact details (email and mobile number), username, gender, language/locale, relationship status, religion, hometown, current city, birthdate, device types, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches on Facebook. For 15 million, only names and contact information were accessed. Facebook claimed hackers did not access any information of 1 million people.

Facebook learnt of the hacking from an unusual spike of activity on 14 September 2018. After an investigation, on 25 September 2018, they concluded that the spike was an attack and fixed the vulnerability.

Rosen claims that the company is cooperating with the FBI and was told not to reveal the identity of the hackers. "We’re cooperating with the FBI, which is actively investigating and asked us not to discuss who may be behind this attack," said Rosen.

At the same time, The New York Times reported that Facebook removed 66 accounts, pages, and apps linked to Russian firms that build facial recognition software for the Russian government, saying they violated the social media giant's policies. However, the report did not link the recent data leak to the purge of the Russian pages.


How to check if you've been hacked

Facebook has advised users to check whether they were affected by this massive breach by visiting the Facebook Help Center.

Facebook shows customized messages to people depending on how they were impacted. Credit: Facebook

The Help Center page describes the incident and informs the user whether their account was affected. The page says Facebook has invalidated the access tokens of almost 90 million accounts, which logged those users out of their accounts. It also says that, from 28 September onwards, the company explained the attack to the users who were logged out.


The impact of the data breach

The page also says that the investigation over the breach is still going on. "We have not ruled out the possibility of smaller-scale attacks, which we're continuing to investigate," said Guy Rosen.

Wired reports that Facebook could not determine whether the attackers used the access tokens to access third-party apps and services, which is technically possible. Facebook also claimed no account passwords or credit card information was compromised. Wired warns that the breach could be a boon to phishers and scammers for years to come.