Saturday, June 15, 2024

Facebook Now Revealed Hackers Stolen 29 Million Facebook Users Personal Data

Facebook now says hackers accessed 29 million Facebook users data by the recent data breach and stolen users personal details such as Email and phone number and other data what compromised user had in their accounts.

Facebook initially said Security breach allow hackers to steal more than 50 million accounts access tokens by exploiting the software vulnerability in “View As” feature between July 2017 and September 2018.

View as future could allow users to see how their profiles look like when some see their profile and the bug was exploited in this future by attackers.

Access tokens act as a digital key and it helps to people logged into Facebook without reenter their Facebook credentials in App.

This incident was discovered by Facebook September 14, 2018, and confirmed it as a cyber attack due to the vulnerability and they closed the vulnerability Within two days also stopped the attack.

Hackers Accessed 29 Million Facebook Users Data

Facebook now announced that, Attackers stolen exactly 29 Million Facebook users personal data, In this case, Initially Attackers controlled 400,000 people accounts and stealing the access token of their friends of those friends using an automated technique.

It allows automatically loaded those accounts mirroring what these 400,000 people would have seen when looking at their own profile which includes their lists of friends, the name of the recent Messenger conversations etc.

In this case, Message conversation is not available to the attackers but if the accessed account users have any page and they received any message to that page then it could be accessed by attackers.

According to Facebook Attackers used this 400,000 users token and move further lists of friends to steal access tokens for about 30 million people and accessed following data.

  • 15 million people – name and contact details (phone number, email, or both, depending on what people had on their profiles).
  • 14 million people – same two sets of information, as well as other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birth date, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches

But they didn’t accessed any data from the rest of 1 million peoples and Facebook sent customized messages to the 30 million people affected to explain what information the attackers might have accessed and how to protect them.

This attack did not include Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts. Facebook Said.


Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles