After announcing its largest security breach yet in late September 2018, Facebook has finally revealed the real number of users affected: 30 million, not 50 million as initially expected. Out of the 30 million, 14 million had detailed personal information taken, such as birth dates, employers, religious preference, education, pages followed, recent searches and location check-ins. 15 million only had their names and contact details stolen, whereas the remaining 1 million did not lose any information although their accounts were affected. The other Facebook applications such as WhatsApp, Messenger, Instagram and its third-party payment applications were not affected.
The breach happened when the hackers took advantage of the “view as” flaw (“view as” is a privacy feature that allows users to see how their account appears to outsiders) to compromise the accounts of their friends. Then, they used an automated process to access digital keys (security keys that enable users to stay logged on to Facebook without re-entering their passwords each time) for accounts that were “friends” with the accounts that they had already breached. From there, the hackers expanded to “friends of friends”, giving them access to 400,000 accounts. This eventually snowballed to 30 million accounts.
What are the consequences?
As in many cases of stolen data, the victims could potentially be targets of phishing attacks. Even Mark Zuckerberg, Chief Executive of Facebook, had his account compromised. He highlighted that the attackers have access to view private messages or post on someone’s account. So far, the company has assured users that the attackers did not steal any personal messages or use their access to reach users’ accounts on other websites. Because some affected users reside in Europe, the breach will also result in significant penalties for this social media giant with the enforcement of the new EU General Data Protection Regulation (GDPR).
How to know if you are affected?
According to Facebook, affected users will be directed to its website’s help section. Otherwise, you can follow these steps.
- Ensure you are logged in to your account. Visit this link: https://www.facebook.com/help/securitynotice?ref=sec.
- Scroll down until you reach the “Is my Facebook account impacted by this security issue?” section.
- From there, Facebook will inform you if your account has been affected.
If you are one of the victims of this attack, here are a few things you can do.
- Be wary of spam, suspicious emails and phone calls, as your personal information could have been sold illegally to others.
- Stay alert to phishing emails that may lead you to sign up for accounts or make payments on a fake website.
- Change the answers to your security questions (commonly used in bank and account verification), as the hackers are able to use the information they have about you to gain access to your other accounts.
The question now is, how will Facebook take measures to protect its customers’ data? Will customers continue to share as much of their personal information, considering the social network just had another controversy surrounding its security from the Cambridge Analytica data breach this year? Although users may eventually forget about their stolen data, the implications of this are yet to be known, as the possibilities for manipulating this static information are endless, especially if it is out on the dark web.
Written by: Liwen