How-to guide: Check if your Facebook account has been hacked
At the end of September, it was revealed that a Facebook security flaw allowed the access tokens of over 50 million accounts to be stolen. Access tokens allow users to stay signed in on devices, rather than signing in every time they interact with a Facebook app. On Friday 12 October, after weeks of investigation, Facebook reported that the actual number of accounts affected was 30 million, not 50.
The investigation into how this was made possible, and the extent of the data stolen, is still ongoing, but Facebook have said there is no need for users to log out or change their password. Facebook forced 90 million users to log out when the breach was discovered.
Users can use this page to check if they were one of the accounts affected in the incident, as well as read any recent findings from the investigation. When you visit the page, if you are not one of the affected users it will tell you this in a statement towards the bottom of the page, and there is no further action required from you other than remaining security conscious when it comes to passwords and such. You will also see a message saying your account hasn’t been compromised if you are one of the one million users who had their tokens stolen but whose information remained safe.
If you fall into the other 29 million users camp, then you will see one of two messages, depending on the level of your information that was stolen. Fifteen million users had their names, email addresses and phone numbers compromised by hackers. While this is serious enough in itself, the other 14 million have a more serious data breach problem.
The other 14 million have had the above information stolen, as well as their username, date of birth, the devices they use, gender, language settings and possibly more data such as religious and political views. It’s also possible that the attackers accessed their 10 most recent locations and 15 most recent searches, giving a detailed window into their online presence.
There is currently no evidence that hackers used the vulnerability to attack third-party apps and services to gather more information, which was technically possible. Facebook also continues to report that no passwords or credit card information have been compromised. We are yet to see the full fallout from the breach, but there is also evidence that Facebook logins are being sold on the dark web.
While that data is now out there in the hands of attackers, Facebook has used their support page to offer some advice on avoiding phishing schemes. This is a good move from Facebook, but it doesn’t make up for the grievous level of the data breach and the users it has left vulnerable to tailored phishing attacks now their data is out there.