Wednesday, May 7, 2025
HomeComputer SecurityFacebook Now Revealed Hackers Stolen 29 Million Facebook Users Personal Data

Facebook Now Revealed Hackers Stolen 29 Million Facebook Users Personal Data

Published on

SIEM as a Service

Follow Us on Google News

Facebook now says hackers accessed 29 million Facebook users data by the recent data breach and stolen users personal details such as Email and phone number and other data what compromised user had in their accounts.

Facebook initially said Security breach allow hackers to steal more than 50 million accounts access tokens by exploiting the software vulnerability in “View As” feature between July 2017 and September 2018.

View as future could allow users to see how their profiles look like when some see their profile and the bug was exploited in this future by attackers.

- Advertisement - Google News

Access tokens act as a digital key and it helps to people logged into Facebook without reenter their Facebook credentials in App.

This incident was discovered by Facebook September 14, 2018, and confirmed it as a cyber attack due to the vulnerability and they closed the vulnerability Within two days also stopped the attack.

Hackers Accessed 29 Million Facebook Users Data

Facebook now announced that, Attackers stolen exactly 29 Million Facebook users personal data, In this case, Initially Attackers controlled 400,000 people accounts and stealing the access token of their friends of those friends using an automated technique.

It allows automatically loaded those accounts mirroring what these 400,000 people would have seen when looking at their own profile which includes their lists of friends, the name of the recent Messenger conversations etc.

In this case, Message conversation is not available to the attackers but if the accessed account users have any page and they received any message to that page then it could be accessed by attackers.

According to Facebook Attackers used this 400,000 users token and move further lists of friends to steal access tokens for about 30 million people and accessed following data.

  • 15 million people – name and contact details (phone number, email, or both, depending on what people had on their profiles).
  • 14 million people – same two sets of information, as well as other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birth date, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches

But they didn’t accessed any data from the rest of 1 million peoples and Facebook sent customized messages to the 30 million people affected to explain what information the attackers might have accessed and how to protect them.

This attack did not include Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts. Facebook Said.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...

Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025

The healthcare sector has emerged as a prime target for cyber attackers, driven by...

SysAid ITSM Vulnerabilities Enables Pre-Auth Remote Command Execution

Security researchers have disclosed a chain of critical vulnerabilities affecting SysAid ITSM’s On-Premise solution,...

CISA Warns of Cyber Threats to Oil and Gas SCADA and ICS Networks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert warning critical...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...

Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025

The healthcare sector has emerged as a prime target for cyber attackers, driven by...

SysAid ITSM Vulnerabilities Enables Pre-Auth Remote Command Execution

Security researchers have disclosed a chain of critical vulnerabilities affecting SysAid ITSM’s On-Premise solution,...