Facebook Data Breach Exposed Personal Information of Millions of Users

A Facebook data breach that could affect millions of accounts means hackers could have your personal information.

After announcing a higher initial estimate, Facebook has since reduced its estimated number of affected users down to around 30 million, with about half of those having had their name and contact information exposed.

Facebook says no financial information was accessed in the breach, and it’s highly unlikely that any private messages were hacked.

Why was Facebook hacked?

In most data breaches, hackers are after financial information such as credit card numbers, debit card numbers, bank account details and other data that could allow them to illegally access someone else’s money.

In the case of the Facebook data breach, Facebook CEO Mark Zuckerberg said the hackers appeared to obtain information in the user’s profile page, including name, gender, hometown, workplace and educational background.

Should I change my password?

Interestingly, no, you don’t need to change your password. Facebook and many other websites and phone apps use an API system, which is short for Application Programming Interface. The API is assigned an access token that contains information that assures the API that you have authorized access to the account and are allowed to perform a range of actions within the account. The access token does not hold on to your password, but it does allow you to stay logged in.

Immediately upon learning of the Facebook data breach in September, Facebook reportedly reset the access tokens of the users who were affected by the hack. Each affected users was logged out of his or her account and had to log back in to Facebook and to Facebook Messenger.

When and how was Facebook hacked?

Three different bugs within the video upload aspect caused the Facebook data breach. The vulnerabilities apparently accidentally opened up when Facebook did an update to the video uploader in July 2017.

When a Facebook user clicks the “view as” feature, the user sees his or her own profile as others do. A glitch allowed the video uploader to sporadically pop up without prompting during the “view as” mode and at the same time, an access token was created. A hacker could grab that access token and log into the user’s account without the user knowing it.

How do I know if I was hacked in this Facebook data breach?

Log in to your Facebook’s account security and login page. If Facebook reset your access tokens and you were forced to log in again with your password, you should see a list that includes only your known devices that you’ve used to log in.

Why would anyone want my personal information?

Depending upon what other apps you have connected to your Facebook page, the hackers could use your access token to gain access to dating apps, streaming services, online games or other apps and sites that you’ve linked to through Facebook.

The identity of the hackers is still unknown. Their motivation also is unknown, but they could use personal information obtained through the Facebook data breach to help figure out your passwords to other sites and apps where they could do more damage, including financial impact. They also might use email addresses to pose as friends and send malware to others in emails that appear to be from you.

Join a Free Facebook Data Breach Class Action Lawsuit Investigation

If you had a Facebook account by Sept. 27 and your account was affected by the Facebook data breach, you may qualify to join this Facebook class action lawsuit investigation.

Learn More