On the night of 12th October (EAT), Facebook released more info about the data breach that affected its users. The massive security breach was worse than initially thought. Here’s what Facebook says they know so far:
- The attackers used the profiles of 400,000 people as their gateway to the 30 million users affected which is down from the 50 million as previously reported, but still a huge number
- For some 14 million people, the attackers had access to their sensitive information ranging from location access to their search history (your past 15 searches)
- The attack did not affect Facebook’s other apps including Instagram, Messenger, WhatsApp or Occulus
- The attack did, however, affect people who used two-factor authentication which means 2FA security is compromised for users whose sites and apps only offer texts as a 2FA option
- When asked whether the affected people’s info was available in the dark web and if it was being used, Facebook’s VP of Product Management, Guy Rosen said that they have not seen any evidence of this info being used yet, emphasizing that they’re continuing to work with the FBI during this investigation
How to find out if you are among those affected.
Earlier on, Facebook did not notify users if they were affected or not. You can now check to see if your data was stolen in the recent hack by logging into your Facebook account and visiting this “Help Center” page by clicking here.
Here’s what you’ll see:
- For those not affected:
- For those fairly affected:
- For those whom A LOT of data was taken:
This is Facebook’s worst security breach
Your personal info being stolen is way different than when your password is because it’s easier to change your password but the stolen details are going to remain useful to hackers for years. The damage is already done and this could haunt you for the rest of your life.
It sucks because there was nothing you could have done to prevent this. It wasn’t your fault. With their constellation of sites, the least Facebook could have done is to make sure breaches like this don’t happen.
Worth noting:
Facebook VP Guy Rosen ducked the question of whether the attackers had inside help. According to Facebook’s description of the breach, the attack relied on three separate security vulnerabilities which could be exploited in tandem to obtain access tokens. It looks tough but not impossible to find these bugs if you know where to look for.
Guy Rosen ended the press call by offering an apology to users for the security breach noting that “People’s privacy and security are important to us, and we are sorry this happened.”
Does Facebook deserve your information after this security breach?
“ We have a responsibility to protect your information, if we can’t, we don’t deserve it.” – Mark Zuckerberg, March 2018.
From the looks of it and by Zuckerberg’s own standards, it appears that the social media giant doesn’t deserve even our trust especially now that they have ventured into hardware with the launch of Portal, their in-home, always-listening camera tablet this week. This recent disclosure is so, so BAD.