Two weeks after social media giant Facebook announced that it had been hacked, users are finally finding out whether they’ve been affected. The hack affected about 30 million users around the globe.
The hack happened between Sept. 14-27, according to officials, but they said the vulnerable code had been online from July 2017 to Sept. 2018. Hackers were able to access vulnerable information through bugs in Facebook’s “View as” feature, which lets users see their own profile as if they were not logged in.
The hackers were able to steal “access tokens,” which allowed them to “take over people’s accounts,” officials said.
A token is like a digital key that allows a user to stay logged in so you don’t have to re-enter your password every time you log in. At the time, the company asked 90 million users to re-enter their login information to ensure the access tokens were renewed.
Here’s what you need to know:
First, you can check whether you’ve been affected here. The information will be mid-way down the page.
Facebook also has been alerting people on their homepages over the past two days.
Facebook says “for 1 million people, the attackers did not access any information.”
Another 15 million had their names, email addresses and phone numbers accessed.
But for the remaining 14 million, the information accessed is more widespread, including date of birth, gender, language and personal profile information including hometown, work and religion.
No passwords or credit card data were exposed by the hack.
WATCH: Hunting Russian hackers: Meet the Canadian on the front-lines of a growing cyberwar
But that’s still a lot of data to be exposed — and Facebook warns that it could be used to allow third parties to “create and spread spam on and off Facebook.”
Facebook officials warned those affected by the hack to be “cautious of unwanted phone calls, text messages or emails from people you don’t know.”
It’s the type of information that people can use in phishing attempts — meaning when scammers lure you into entering passwords or other information on fake websites.
Patrick Moorhead, founder of Moor Insights & Strategy, said the breach appeared similar to identity theft breaches that have occurred at companies including Yahoo and Target in 2013.
“Those personal details could be very easily be used for identity theft to sign up for credit cards, get a loan, get your banking password, etc.,” he said.
Thomas Rid, a professor at the Johns Hopkins University, also said the evidence, particularly the size of the breach, seems to point to a criminal motive rather than a sophisticated state operation, which usually targets fewer people.
WATCH: Facebook says hackers didn’t use your login to access third-party apps
“This doesn’t sound very targeted at all,” he said. “Usually when you’re looking at a sophisticated government operation, then a couple of thousand people hacked is a lot, but they usually know who they’re going after.”
Officials said third-party apps that use a Facebook login and Facebook apps like WhatsApp and Instagram were unaffected by the breach.
Facebook isn’t giving a breakdown of where these users are, but says the breach was “fairly broad.”
The FBI is investigating, but asked the company not to discuss who may be behind the attack. The company said it hasn’t ruled out the possibility of smaller-scale attacks that used the same vulnerability.
— With files from The Associated Press
Comments