Thursday, March 28, 2024

Facebook Now Revealed Hackers Stolen 29 Million Facebook Users Personal Data

Facebook now says hackers accessed 29 million Facebook users data by the recent data breach and stolen users personal details such as Email and phone number and other data what compromised user had in their accounts.

Facebook initially said Security breach allow hackers to steal more than 50 million accounts access tokens by exploiting the software vulnerability in “View As” feature between July 2017 and September 2018.

View as future could allow users to see how their profiles look like when some see their profile and the bug was exploited in this future by attackers.

Access tokens act as a digital key and it helps to people logged into Facebook without reenter their Facebook credentials in App.

This incident was discovered by Facebook September 14, 2018, and confirmed it as a cyber attack due to the vulnerability and they closed the vulnerability Within two days also stopped the attack.

Hackers Accessed 29 Million Facebook Users Data

Facebook now announced that, Attackers stolen exactly 29 Million Facebook users personal data, In this case, Initially Attackers controlled 400,000 people accounts and stealing the access token of their friends of those friends using an automated technique.

It allows automatically loaded those accounts mirroring what these 400,000 people would have seen when looking at their own profile which includes their lists of friends, the name of the recent Messenger conversations etc.

In this case, Message conversation is not available to the attackers but if the accessed account users have any page and they received any message to that page then it could be accessed by attackers.

According to Facebook Attackers used this 400,000 users token and move further lists of friends to steal access tokens for about 30 million people and accessed following data.

  • 15 million people – name and contact details (phone number, email, or both, depending on what people had on their profiles).
  • 14 million people – same two sets of information, as well as other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birth date, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches

But they didn’t accessed any data from the rest of 1 million peoples and Facebook sent customized messages to the 30 million people affected to explain what information the attackers might have accessed and how to protect them.

This attack did not include Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts. Facebook Said.

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles