The Latest Facebook Security Breach
Updated: Dec 21, 2018
Welcome to our latest ProSec Blog. This week we thought we would take you through the latest significant security breach experienced by Facebook that was originally announced late last month.
To be safe, make sure that you change the password for your Facebook account both now, and at regular intervals.
Facebook Security Breach Exposes Accounts of 50 Million Users
Friday, 18 September 2018
Facebook, already facing scrutiny over how it handles the private information of its users, said on Friday that an attack on its computer network had exposed the personal information of nearly 50 million users.
The breach, which was discovered this week, was the largest in the company’s 14-year history. The attackers exploited a feature in Facebook’s code to gain access to user accounts and potentially take control of them.
The news could not have come at a worse time for Facebook. It has been buffeted over the last year by scandal, from revelations that a British analytics firm got access to the private information of up to 87 million users to worries that disinformation on Facebook has affected elections and even led to deaths in several countries. Read more
Facebook says nearly 50m users compromised in huge security breach
Saturday, 29 September 2018
Nearly 50m Facebook accounts were compromised by an attack that gave hackers the ability to take over users’ accounts, Facebook revealed on Friday.
The breach was discovered by Facebook engineers on Tuesday 25 September, the company said, and patched on Thursday. Users whose accounts were affected will be notified by Facebook. Those users will be logged out of their accounts and required to log back in.
“I’m glad we found this and fixed the vulnerability,” Mark Zuckerberg said on a conference call with reporters on Friday morning. “But it definitely is an issue that this happened in the first place. I think this underscores the attacks that our community and our services face.”
The security breach is believed to be the largest in Facebook’s history and is particularly severe because the attackers stole “access tokens”, a kind of security key that allows users to stay logged into Facebook over multiple browsing sessions without entering their password every time. Possessing a token allows an attacker to take full control of the victim’s account, including logging into third-party applications that use Facebook Login. Read more
Facebook says hackers were able to access millions of phone numbers and email addresses
Friday, 12 October 2018
Facebook revealed on Friday that a hack in September allowed attackers to harvest millions of phone numbers and email addresses.
The company said hackers used 400,000 accounts under their control to gain the access tokens of 30 million Facebook users, according to a blog post. Access tokens are used by Facebook users to log into their accounts without having to type in their passwords.
Among the 30 million affected users, 14 million had their names, contact information and sensitive information, such as their gender, relationship status and recent place check-ins, exposed to the attackers, Facebook said. Another 15 million users had their names and contact information breached, and 1 million users solely had their access tokens stolen. Facebook has reset the access tokens for all of those users.
Facebook also published a website where users can go to check if their accounts where affected by the breach, and if so, to what degree their information was exposed.
How to see if you were affected by the Facebook hack
Friday, 12 October 2018
Facebook said Friday that it has determined that hackers gained unauthorized access to more than 30 million accounts. Of the more than 30 million accounts, 14 million had sensitive information including gender, names, email addresses, phone numbers, location check-ins and more exposed. The attack also revealed the messages of more than 400,000 people, it said.
The social media company has already created a page that will tell you if you are one of the affected accounts. All you have to do is make sure you're logged in and then head to this security notice page. Read more
Facebook Hack Included Search History and Location Data of Millions
Saturday, 13 October 2018
SAN FRANCISCO — Facebook said Friday that an attack on its computer systems that was announced two weeks ago had affected 30 million users, about 20 million fewer than it estimated earlier.
But the personal information that was exposed was far more intimate than originally thought, adding to Facebook’s challenges as it investigates what was probably the most substantial breach of its network in the company’s 14-year history.
Detailed information was stolen from the Facebook profiles of about 14 million of the 30 million users. The data was as specific as the last 15 people or things they had searched for on Facebook and the last 10 physical locations they had “checked into.”
Other personal details were also exposed, like gender, religious affiliation, telephone number, email addresses and the types of computing devices used to reach Facebook. Read more