Facebook reveals more details about recent hack that affected 30 million accounts

Muriel Colon
October 15, 2018

The social media giant, which has more than two billion users worldwide, announced last month that engineers had discovered a "security issue" which affected 50 million accounts.

Facebook said that 15 million people had seen their name and their personal contacts compromised and that further details had also been compromised for 14 million other users.

Facebook has revealed that millions of email addresses, phone numbers and other personal user information were compromised during a recent security breach.

The exact number had not been known before. Before we get too deep into the weeds of how Facebook says the attack happened and what it's doing about it now, here's how to tell if you're one of the 30 million or so people affected.

The leading social network had originally said up to 50 million accounts were affected in a cyberattack that exploited a trio of software flaws to steal "access tokens" that enable people to automatically log back into the social network.

Facebook's "view as" feature allows users to check privacy settings by glimpsing what their profile looks like to others.

These access tokens are like digital keys that keep people logged in to Facebook so they don't need to re-enter their password every time they use Facebook. As it turns out, the data of almost 30 million users has been stolen in the breach, a Facebook investigation has now confirmed.


Facebook underlined that it would be sending customised messages to the 30 million people affected by the breach, explaining what information was accessed by the hackers and the steps they can take to protect themselves, including from suspicious emails, text messages, or calls.

What may have motivated the attackers is still unclear; despite mounting concerns about election security as US officials count down to a highly contested midterm election, Facebook said there was no indication the hack was specifically related to the US electoral process.

Facebook indicated that hackers stole access tokens through its "view as" feature.

Google ended up taking some heat off of Facebook after disclosing a potential data breach of its own earlier this week, though the scope of that incident was much smaller and only included some 500,000 users of Google+.

These details were exposed sometime between September 14 and September 25 this year, when the company first discovered the security breach due to a sudden uptick in activity. Previously, Facebook had said it didn't know what, if any, information was compromised. Facebook will also send messages directly to those people. Facebook then goes into some detail on how it all went down, which starts with the attackers already having access to some accounts. Resetting the tokens logged the affected Facebook users out of the service. He said that although the attackers would have the ability to view private messages or post on someone's account, there were no signs that they did either of those things.

"This attack did not include Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts", Facebook vice president of product management Guy Rosen said in a blog post, with one exception.
