facebook hacker attack

Facebook: An Update on the Security Issue

You may remember that last month (September 2018) Facebook said 50 million user accounts were affected by a security breach which potentially enabled hackers to take over people's accounts.

On Friday, the company revised downwards its estimate to "about 30m" and revealed 15 million users had highly personal information stolen by hackers.

It included search history, location data and information about relationships, religion and more. In an Oct. 12 post cryptically and unhelpfully titled “An Update on the Security Issue,” Guy Rosen, Facebook’s VP of product management, wrote that they wanted

"to provide an update on our investigation. We have now determined that attackers used access tokens to gain unauthorized access to account information from approximately 30 million Facebook accounts. We're very sorry this happened. Your privacy is incredibly important to us, and we want to update you on what we've learned from our ongoing investigation, including which Facebook accounts are impacted, what information was accessed and what Facebook users can do about this."

and that for

“15 million people, attackers accessed two sets of information - name and contact details (phone number, email, or both, depending on what people had on their profiles), device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches."

That has the makings of an epic phishing expedition. It might even be enough to answer other, more personal forms of authentication, like the “only you know the answer” security questions banks often use. 

Facebook has said it will not provide identity fraud protection for the victims of its latest data breach but users can visit this link to find out if they have been directly affected.

How to check your account

If you are not logged into Facebook you will see this message


When you have logged in, hopefully you will see this one:


We have not (yet) seen the "you've been hacked" version of their message...

Netwise 16.10.18