Update: “Only” 30 million accounts affected by Facebook hack after all

15 October 2018 by Nicole Lorenz



Update: 15.10.2018

Do you still remember how Facebook announced that the information of millions of its users might have been stolen due to a bug in its system that had been left unpatched for a year? You might be happy to hear that Facebook has finally released its final count: only 30 million users were affected after all. Like for real. No guessing involved.

According to Facebook the attackers “used an automated technique to move from account to account so they could steal the access tokens of those friends, and for friends of those friends, and so on, totaling about 400,000 people.”

Then “the attackers used a portion of these 400,000 people’s lists of friends to steal access tokens for about 30 million people. For 15 million people, attackers accessed two sets of information – name and contact details (phone number, email, or both, depending on what people had on their profiles). For 14 million people, the attackers accessed the same two sets of information, as well as other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches. For 1 million people, the attackers did not access any information.”

That’s the gist of it. Facebook will inform you if you were affected, so if you don’t get any news you can relax: you should be fine.

 

Original article: Facebook hacked: 90 million accounts at risk

Facebook is huge. Most people know it. According to the company itself, it has 2.2 billion monthly active users. The sheer size of the social network makes any data breach, like the Cambridge Analytica one, pretty much a disaster. Now Facebook has announced that it discovered its systems were hacked – and the information of 50 million users compromised.

“View as” feature exploited

In a post disclosing the hack of a large chunk of its users, Facebook also gave some insight into how the hack had happened. Apparently a feature that should normally enhance the user’s security – the “View as” one – got exploited. This feature basically allows people to see their Facebook profile the way it looks to specific user groups, like colleagues or family members.

Apparently it was possible to circumvent the “read only” setting of this feature and then create a digital token that would allow cyber criminals to access accounts without even having to enter a password. What’s even worse: this token would allow access not only to Facebook but also to any page the affected users logged into with their Facebook account, for example Instagram, your local news website, or any other page that allows this feature.

Tokens reset

Facebook reacted fast. They discovered the issue around a week ago and have since fixed the exploit and reset the access tokens of the 50 million affected users. That’s not all though: the issue had apparently been present since 2017. The social network did not observe any suspicious activity until recently but has nonetheless reset 40 million tokens on top of the 50 million ones, just to be sure. So anyone who accessed their profile via “View as” in the last year was also logged out of Facebook and had to log in again in order to reset their token.

Privacy disaster

Considering how much data Facebook collects – after all that’s how the company makes money – someone having access to probably more than 50 million user accounts is horrendous. If you are afraid that something like this could have happened to you (or may in the future with other online companies) there are a couple of things you can do to protect yourself:

  • Do not use the Facebook login for other accounts: While super convenient, it also proves to be a problem when your Facebook account gets hacked – as the above example clearly shows. If you have issues coming up with good passwords or remembering them afterwards, use a password manager.
  • Use 2-factor authentication: It may not be the most convenient option but it makes sure that your account stays yours. Even a hack like the Facebook one will not affect you.
  • Were you affected? Whenever you hear of a data breach, make sure to check whether your account was in it. Sure, Facebook made it easy: everyone who got logged out might be a potential victim of the hack. Other security breaches are not that obvious. Take a look at the Avira Identity Scanner. If you find your email address in the database, it’s high time to change your passwords and perhaps even look for help from security professionals.


Nicole Lorenz
PR & Social Media Manager @ Avira | Gamer. Geek. Tech addict.
