Facebook confirms 30 million people had personal data stolen in breach

Facebook confirms 30 million people had personal data stolen in breach

Facebook didn't respond to a request for comment, and Rosen declined to provide specific details on the attackers because the FBI is investigating the breach.

Those tokens, which were stolen by taking advantage of three software bugs relating to the platform's View As profile feature, essentially allow an attacker to hijack the Facebook profiles of affected individuals.

It said third-party apps and Facebook apps like WhatsApp, Instagram and Messenger were unaffected by the breach.

By deleting your account, you will actually remove your personal information from Facebook's servers. The social media giant said users should visit Facebook's Help Center to see if their account was affected. The company found out about the attack on September 25 and it took them two days to close the vulnerability by resetting the access tokens for people who were potentially exposed.

The attackers, he said, began the attack by obtaining the access tokens of 400,000 seed accounts.

Facebook said cyberattackers accessed that data plus additional information including gender, religion, hometown, birth date and places they had recently "checked in" to as visiting.

Facebook said the Federal Bureau of Investigation had requested it did not discuss who may be responsible for the attack, which was first revealed last week.

Nearly 30 million Facebook users' phone numbers and email addresses were accessed by hackers in the biggest security breach in the company's history, Facebook said Friday.




So, if Facebook says your "account has not been impacted", are you in the clear?

Access tokens work sort of like a digital set of keys and are what allow you to stay logged in with the Facebook app rather than entering your password every time you want to access the site.

It said its statutory investigation into the breach, and Facebook's compliance with its obligations under GDPR, was continuing.

With an initial set of accounts under their control, the attackers, said Rosen, exploited the vulnerable code to run a script that collected access tokens from their friends and the friends of their friends, representing a group of about 400,000 people.

Facebook believes only one million of the total compromised accounts had no personal information accessed whatsoever.

The social network previously confirmed to The Register that the accounts of Facebook CEO Mark Zuckerberg and COO Sheryl Sandberg were among those affected. The company said hackers were able to access personal information for almost half of those accounts. The vulnerability, Facebook said, had existed since July 2017.

For another 1 million people, the hackers got access, but weren't able to obtain any information.

Facebook did not rule out the possibility of smaller-scale attacks and said it would continue to investigate.

Related Articles

  • Global Warming Report Sends Urgent Wake-Up Call

    Global Warming Report Sends Urgent Wake-Up Call

    Some scientists who worked on the report say "there is no way to mitigate climate change" without getting rid of it. The IPCC is a United Nations body assessing the science related to climate change, which has 195 member states.
    Robbie Williams' daughter confirmed as Princess Eugenie's bridesmaid

    Robbie Williams' daughter confirmed as Princess Eugenie's bridesmaid

    The wedding custom dates back to when Queen Victoria's daughter, Princess Victoria, carried it among her bridal flowers in 1858. Again taking a page out of Meghan and Harry's book, the ceremony will be followed by a carriage ride outside of Windsor Castle.
    Justices offer warm welcome as Kavanaugh joins high court

    Justices offer warm welcome as Kavanaugh joins high court

    With the nation divided over the nomination of Brett Kavanaugh to the Supreme Court, it might be a bad time to have that name. He was sworn in by retired Justice Anthony Kennedy at an entirely ceremonial event Monday at the White House.
  • Plug pulled on social network Google

    Plug pulled on social network Google

    Google + API's log data is only for kept two weeks, so it can not confirm which users were impacted by this bug. Google said it would continue to offer private Google +-powered networks for businesses now using the software.
    Kanye West has a bad  iPhone passcode

    Kanye West has a bad iPhone passcode

    It's unclear how West learned about Hoover's case, but it has been on his radar for at least a few weeks. He showed the president a video on his phone of a plane powered by hydrogen, and suggested that Mr.
    Juncker hopes to reach Brexit deal in November

    Juncker hopes to reach Brexit deal in November

    British officials have signalled new ideas will come. "Our will is unbroken to reach agreement with the British government ", he said.
  • Philadelphia Eagles: 4 running back trade rumors following Jay Ajayi injury

    Philadelphia Eagles: 4 running back trade rumors following Jay Ajayi injury

    The new deal creates $6.5 million more cap space for the Eagles this season and $11.7 million more for next season. Le'Veon Bell solves three problems, instantly: Pass protection (good), pass catching (great), rushing (great).
    Aaron Ramsey: Ian Wright backs Arsenal contract 'stance' on Wales misfielder

    Aaron Ramsey: Ian Wright backs Arsenal contract 'stance' on Wales misfielder

    Ryan Giggs has hailed Arsenal midfielder Aaron Ramsey . " Unai Emery will be a good manager for him but he needs a change". City are top on goal difference, with Chelsea second and Liverpool dropping to third.
    Microsoft deletes deleterious file deletion bug from Windows 10 October 2018 Update

    Microsoft deletes deleterious file deletion bug from Windows 10 October 2018 Update

    Quietly, Microsoft took the opportunity to fix a bug that saw user profiles being deleted due to an incorrect timing calculation. Also, Microsoft Support and our retail stores customer service personnel are available at no charge to help customers.
  • More airlines opt for ultra-long-haul flights

    More airlines opt for ultra-long-haul flights

    The twin-engine plane uses a modified system that burns 25 per cent less fuel than other aircraft of a similar size, Airbus said. Singapore Airlines has previously flown the route using the uneconomical, four-engine A340-500.
    Storm Callum updates: Around 150 remain without power in Northern Ireland

    Storm Callum updates: Around 150 remain without power in Northern Ireland

    The Met Office has warned heavy rainfall moving in from the South West issued a 36-hour amber warning for Wales. The weather warning comes just weeks after Storm Ali battered the country, leaving 70,000 homes without power.
    Flu season is here

    Flu season is here

    After a hard flu season last winter, the CDC is now recommending people get vaccinated as soon as the vaccine is available. Additionally, a spike in the number of people opting out of flu vaccines can explain the deadliness of the recent season.