Facebook has given its users an update on the data breach that happened some weeks ago. This is the breach that exposed access tokens, which let users log in to their Facebook accounts whenever they want, to hackers.

A great breach has damaged the Facebook brand even further

At the moment, Facebook says that the number of users who had their login tokens stolen is 30 million. When news of the breach was first made official, Facebook had reported that up to a fearsome 50 million accounts might have been victimized. It also added that there were 40 million accounts “at risk”. A staggering 15 million users had their emails, phone numbers, and names stolen.

For another 14 million users, the hackers took details such as the types of devices they had used to log in to Facebook, recent searches, places they had checked in, relationship status, languages, and genders. The stolen details depend on what the user displayed on the profile and what they usually used Facebook for. So users who did not use Facebook much would have lost a lot less than a social media enthusiast.

Any user who wants to check whether they were affected by this incredibly large breach can do so through the Facebook Help Center. Facebook also stated that in “the coming days” it will send a customized message to each of the 30 million users affected by this breach, explaining specifically what the hackers may have accessed and how users can shield themselves from suspicious calls or emails that may result from their information being stolen.

Facebook states that the hackers utilized a flaw

Right at the very end of September, Facebook announced that it had found a flaw hiding in its feature named “View As.” This feature is meant to help users see what others see in their profiles. The flaw, which existed from July 2017 to September 2018, allowed the hackers to view information and to post from an account as if they were the user.

Facebook stated that it first noticed a strange spike in the number of users using the “View As” feature on the 14th of September. On the 25th of September, Facebook concluded that the spike was caused by hackers exploiting a flaw, and it shut that flaw down two days later. Facebook then had to do a full reset of the login tokens of more than 90 million users.

Guy Rosen, Facebook's VP of Product Management, recently gave more details on how the hackers were able to access the accounts.

Guy Rosen

He wrote in a blog post that the hackers first gained control of a set of accounts that were already connected to other friends on Facebook. They then used an automated technique to jump from one account to another so that they could get the login tokens of those friends, then the friends of those friends, and so on. In the end, this reached around 400,000 users. In the process, the technique also automatically loaded the Facebook profiles of those accounts, mirroring what the 400,000 users would see when looking at their own profiles. The hackers then used part of the friend lists of the 400,000 accounts to steal the login tokens of about 30 million users or more.

In theory, the hackers might have used the login tokens to get access to third-party applications that the affected users had been using through their Facebook accounts. Nonetheless, Facebook stated last week that there was no evidence suggesting the hackers had done so.

Mark Zuckerberg, the founder of Facebook, testified before Congress back in April

Rosen also added that this attack did not include Messenger, Instagram, Messenger Kids, Oculus, WhatsApp, Pages, payments, Workplace, developer accounts, advertising accounts, or any third-party app.

Facebook stated that it is cooperating with the U.S. FTC, the FBI, the Irish DPC, and other organizations in its effort to find the hackers. In a call with reporters, Rosen stated that the FBI is actively investigating and has asked Facebook not to discuss the suspects with anyone.