Earlier Facebook has announced a data breach affecting 50 million users, and now the company have given an update about the breach.
Facebook has revealed only 30 million accounts were affected in the data breach instead of the first reported 50 million accounts.
For 14 million account Hackers were able to access personal data such as username, gender, locale/language, relationship status, religion, hometown, current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches .
For another 15 million hackers were able to access names, phone number and email address and remaining 1 million accounts hackers were not able to access any information.
“First, the attackers already controlled a set of accounts, which were connected to Facebook friends. They used an automated technique to move from account to account so they could steal the access tokens of those friends, and for friends of those friends, and so on, totaling about 400,000 people.” said in the post published by Facebook.
Facebook discovered the breach on September 25th when they discovered unusual traffic on their server.
Hackers exploited a vulnerability in ‘view as’ feature in facebook allowing them to steal secret access token. These secret access token will allow them to log in users facebook accounts.
Facebook said the attack did not affect Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts.
Facebook also said they are cooperating with FBI, The US Federal Trade Commission, Irish Data Protection Commission and other authorities regarding the investigation of the data breach.
Facebook will send customised messages to users who are affected by the breach and details regarding what all information have been accessed by hackers.
Users also can check by visiting the helpline centre whether they are affected or not by the data breach.
What are preventive measures to be taken by Facebook users?
- Review the security & privacy settings of Facebook account (https://www.facebook.com/settings)
- Check “Where You are Logged in” To see all devices that are logged in with your account.
- Change the password for Facebook and other online accounts
- Enable “Use Two Factor Authentication”
- Enable “Get alerts about unrecognized logins”
- Check what are the devices under “Authorized Logins”
You may be interested in reading:Google Shutdowns Google+ After Bug Exposed User Data of 500,000 Users