Facebook announced a massive security breach on September 28, 2018, initially it was said more than 50 million accounts access tokens was stolen by exploiting the software vulnerability in “View As” feature between July 2017 and September 2018.
Now after further investigation, Facebook now announced that attackers have stolen 29 million Facebook accounts.
The bug was discovered on September 25, 2018, and the attackers have exploited a vulnerability caused by the complex interaction of three bugs in our system to obtain access tokens.
15 million people – name and contact details (phone number, email, or both, depending on what people had on their profiles).
14 million people – the same two sets of information, as well as other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birth date, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.
Facebook Account Affected
Now you can check that your Facebook account affected by this security issue. Facebook set up a page to check that your account was compromised by the security breach, you can visit the page to check the status.
“Based on what we’ve learned so far, your Facebook account has not been impacted by this security incident. If we find more Facebook accounts were impacted, we will reset their access tokens and notify those accounts.”
If you got this message then nothing to worry, if you account affected then Facebook tell you what kind of details the hackers stole.
Changing the password is not a fix, because the passwords are not compromised. Now as the hackers having your personal data you should carefully handle the spam calls, Email, and messages. The Risk of spear-phishing attacks may on the rise.
Last week Google announced Google+ shut down following the security breach that exposed 500,000 Google+ accounts. The bug allows third-party developers to access user’s name, email address, occupation, gender, and age.