Hackers stole personal data from 29 million Facebook users in a recent hack, including information like phone numbers, emails, gender, hometowns and even relationship data.
This is very scary and I wanted to find out more. Have hackers gotten any of my information?
Here's what Mark Zuckerberg had to say about the breach:
I want to update you on an important security issue we've identified. We patched the issue last night and are taking...
Posted by Mark Zuckerberg on Friday, September 28, 2018
How can I tell if MY data stolen? Turns out there is an easy way to check!
There's an easy way to check. Visit this Help Center page on Facebook's website and log in to your account. It will tell you whether or not your data was stolen, and which data in particular.
Did you get this notification?
Here's what it looks like when the hackers took a lot of data.
If your data was stolen, Facebook will reach out to you directly.
"In the coming days, we'll send customized messages to the 30 million people affected to explain what information the attackers might have accessed, as well as steps they can take to help protect themselves, including from suspicious emails, text messages, or calls," Facebook wrote in a blog post.
If your data was not stolen here is what you will see:
"Based on what we've learned so far, your Facebook account has not been impacted by this security incident. If we find more Facebook accounts were impacted, we will reset their access tokens and notify those accounts."
What is the status of Facebook's investigation and what was learned?
- On September 25, 2018, we discovered that attackers had exploited a vulnerability caused by the complex interaction of three bugs in our system to obtain access tokens. Tokens can be used, like a digital key, to request certain information through our platform. We acted quickly to secure the site and began an investigation to determine if anyone's Facebook information was accessed and how many users were impacted.
- To protect our users while we conducted an investigation, we invalidated the access tokens of almost 90 million accounts that were potentially impacted by the vulnerability. There's no need for anyone to change their passwords, and if you're still having trouble logging back into your account, learn what you can do.
- Starting September 28, we notified users who were logged out, explained why we did this and shared what we knew about the attack at that time. You can read more about this incident and our initial response. When we shared this initial response, we were still investigating and didn't yet know if anyone's Facebook information was accessed.
- We have now determined that between September 14 and 27, the attackers used the access tokens to get certain Facebook account information from our platform. These access tokens have been since invalidated, which prevents any further access to Facebook account information. Learn more about how this attack took place.