In terms of loss, the recent Facebook data breach is far greater than financial loss. Read on to know what’s at stake in the latest Facebook data breach…
In a serious security breach disclosed late last month, Facebook confirmed that accounts of millions of users were compromised. Initially, Facebook estimated that 50 million accounts were affected by the hack but later revised the total number of affected users down to around 30 million Facebook users. Facebook also confirmed that hackers accessed personal details in most of those cases — including, for about half of those users, recent searches and locations. As this case is being investigated by the Federal Bureau of Investigation (FBI), Facebook has been advised that it should not discuss about the suspect or a motive in public.
National Public Radio previously reported that the hack exploited three separate bugs in Facebook’s code. No passwords were compromised, but the hackers were able to gain “access tokens” that let them use accounts as though they were logged in as another person. In late September, Facebook detected this unusual activity, discovered the bugs and disabled them.
Facebook disclosed that the attacks were carried out between September 14 and 27. The attackers moved within social networks, controlling one account at first and from there, accessing that account’s friends, to initially steal access tokens for 400,000, and ultimately 30 million more accounts. 15 million of those users had their names and contact details — which could be email addresses or phone numbers which was accessed.
In a more serious breach, 14 million people had a wider array of data accessed, including their gender, religion, relationship status, birthday, current city and hometown, device types, education and work history. Hackers also had access to those users’ last 15 searches, and the last 10 locations they either checked into or were tagged in by someone else.
The 400,000 Facebook users whose accounts were first hacked were most seriously compromised, with hackers viewing their posts, their friend lists, their group memberships and the names of recent message conversations — though not, in most cases, the contents of those messages.
“We have no reason to believe the attackers were interested in that information from those 400,000 users,” Guy Rosen, vice president of product management at Facebook, told the reporters. “They were [doing] that in order to get the access tokens for those people’s friends.”
Here’s what that makes the Facebook data breach so harmful. Although the recent Facebook data breach didn’t expose any crucial financial information, the hack indeed exposed several personal data which can be even more valuable than financial information.
A determined cybercriminal might uncover some of these personal details on a Facebook page, assuming you leave your page open to public view in your privacy settings. But this breach delivered that data directly, giving hackers a head-start for potential identity theft crimes.
Criminals could also use such data to build robust bios that become powerful weapons in phishing scams, where personalized emails trick consumers into revealing financial information or clicking on links that plant malware on their computers.