Facebook now says hackers accessed 29 million Facebook users data by the recent data breach and stolen users personal details such as Email and phone number and other data what compromised user had in their accounts.
Facebook initially said Security breach allow hackers to steal more than 50 million accounts access tokens by exploiting the software vulnerability in “View As” feature between July 2017 and September 2018.
View as future could allow users to see how their profiles look like when some see their profile and the bug was exploited in this future by attackers.
Access tokens act as a digital key and it helps to people logged into Facebook without reenter their Facebook credentials in App.
This incident was discovered by Facebook September 14, 2018, and confirmed it as a cyber attack due to the vulnerability and they closed the vulnerability Within two days also stopped the attack.
Hackers Accessed 29 Million Facebook Users Data
Facebook now announced that, Attackers stolen exactly 29 Million Facebook users personal data, In this case, Initially Attackers controlled 400,000 people accounts and stealing the access token of their friends of those friends using an automated technique.
It allows automatically loaded those accounts mirroring what these 400,000 people would have seen when looking at their own profile which includes their lists of friends, the name of the recent Messenger conversations etc.
In this case, Message conversation is not available to the attackers but if the accessed account users have any page and they received any message to that page then it could be accessed by attackers.
According to Facebook Attackers used this 400,000 users token and move further lists of friends to steal access tokens for about 30 million people and accessed following data.
- 15 million people – name and contact details (phone number, email, or both, depending on what people had on their profiles).
- 14 million people – same two sets of information, as well as other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birth date, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches
But they didn’t accessed any data from the rest of 1 million peoples and Facebook sent customized messages to the 30 million people affected to explain what information the attackers might have accessed and how to protect them.