Details Of What Hackers Accessed From The Latest Pwnage Of Facebook Are Out…. You Should Really Join Team #DeleteFacebook

Two weeks ago the news hit that Facebook had been pwned (again) by hackers. Today we have good idea of what they accessed. But first, a quick reminder of how the hackers got in. Hackers took advantage of a security flaw in Facebook’s “View As” code, which is a feature designed to let people see what their profile looks like to someone else. The Facebook access tokens that hackers were able to obtain by doing that are basically digital keys that allow people to stay logged in to Facebook. With that out of the way, here’s what the hackers had access to:

  • Hackers used a set of accounts that they controlled that were connected to Facebook friends. An automated technique was used to move from account to account, allowing them to collect access tokens in September 2018.
  • Hackers were able to obtain timeline posts, friend lists, groups, and the names of recent Messenger conversations from an initial 400,000 people. People in this group who were Page admins of a Page that had received a message from someone on Facebook had the content of their messages stolen.
  • After stealing data from the 400,000 people attacked first, Facebook used their friends list to steal access tokens for approximately 30 million people.
  • For 15 million people, attackers were able to access name and contact details that include phone number and email address.
  • For 14 million people, hackers were able to access the same information as well as other data that includes username, gender, location, relationship status, religion, hometown, current city, birthdate, device types used to access Facebook, education, work, the last 10 places where they checked in, websites, people, Pages they follow, and 15 most recent searches.
  • An additional 1 million people had their access tokens stolen but no information was obtained.

Translation: This is not trivial in the least.

People can find out whether or not they were affected through the Facebook Help Center. And they’re going to get emails that will tell them what was accessed in their specific cases.

There’s one more thing of interest. Apparently the FBI is investigating and Facebook has been ordered not to speak about who might have been behind the hack. That sounds curious. No?

If this is not enough to have you the #DeleteFacebook camp, nothing is going to. Because clearly Facebook can’t be trusted to keep your data safe.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: