Find out if you have been affected by the recent Facebook hack
Last month's Facebook hack affected about 50 million Facebook accounts according to Facebook's official announcement on September 28, 2018.
Hackers exploited a series of bugs in Facebook's "View as" function that allows users of the site to view their profiles as public users. The function is handy as it allows users to check what regular visitors to the profile page see and to adjust the visibility of information accordingly.
The hackers gained access to "access tokens" which are used by Facebook and other authentication systems to determine whether the user is allowed to access certain content on the site.
That meant that the hackers did not gain access to user passwords and that it was trivial to shut them out.
Facebook disabled the feature after the hack and invalidated the method used by the hackers to gain access to account data.
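An added illustration of the point above (not from the original article and not Facebook's code): a toy server-side session store showing why a copied access token works without the password, and why resetting tokens shuts the holder out while the password stays valid. The class, method names and sample account are constructed for this example.

```python
import hashlib
import hmac
import secrets

class SessionStore:
    """Toy model (constructed): passwords and access tokens are separate secrets."""

    def __init__(self):
        self._pw = {}      # user -> (salt, PBKDF2 hash of the password)
        self._tokens = {}  # SHA-256 of token -> user; raw tokens are not stored

    @staticmethod
    def _hash_pw(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._pw[user] = (salt, self._hash_pw(password, salt))

    def login(self, user, password):
        """Check the password once, then issue a random bearer token."""
        salt, expected = self._pw.get(user, (b"", b""))  # unknown user never matches
        if not hmac.compare_digest(self._hash_pw(password, salt), expected):
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[hashlib.sha256(token.encode()).hexdigest()] = user
        return token

    def whoami(self, token):
        """Whoever presents a live token is treated as its user; no password asked."""
        return self._tokens.get(hashlib.sha256(token.encode()).hexdigest())

    def reset_tokens(self, user):
        """Drop every live token for the user; the password hash is left untouched."""
        stale = [d for d, u in self._tokens.items() if u == user]
        for d in stale:
            del self._tokens[d]
        return len(stale)

def demo():
    store = SessionStore()
    store.register("alice", "constructed-password")         # constructed sample account
    copied = store.login("alice", "constructed-password")   # token that later leaks
    before = store.whoami(copied)          # the token alone identifies the user
    revoked = store.reset_tokens("alice")  # server-side reset of all tokens
    after = store.whoami(copied)           # the copied token no longer resolves
    relogin = store.login("alice", "constructed-password")  # password still valid
    return before, revoked, after, store.whoami(relogin)
```

A reset like this only ends future use of the token; it does not undo any data read while the token was live.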
The company updated the information that it revealed about the hack. Here is a quick summary of the updated findings based on Facebook's investigation of the incident:
- The hackers controlled a number of accounts on Facebook already and used an automated technique to steal access tokens of friends, and friends of friends, and so on. About 400,000 accounts were affected by this and the attackers managed to gain access to account related data including posts on timelines, list of friends, group memberships, and names of recent Messenger conversations.
- The attackers used some of the accounts to expand the hack and steal about 30 million access tokens from Facebook users.
- For 15 million hacked accounts, name and contact details were accessed.
- For 14 million hacked accounts, additional information such as username, gender, religion, relationship status, and other profile related information was accessed as well.
- For 1 million hacked accounts, no information was retrieved.
Facebook users who would like to know whether their account was affected by the hack can visit the Security Notice page on Facebook to find out.
Just open the page and scroll down to the "Is my Facebook account impacted by this security issue?" section. Users not affected should see the following paragraph on the page:
Based on what we've learned so far, your Facebook account has not been impacted by this security incident. If we find more Facebook accounts were impacted, we will reset their access tokens and notify those accounts.
Facebook users may want to check the security notice page to find out if their account was affected by the hack. (via Deskmodder)
what about users who have deleted their account 1-2 months before? facebook seems to keep personal data beyond that time. logically you can’t log in to do the mentioned check _on_ fb itself.
it would need something like “have i been pwned”. but that’s utopian.
or are _only_ active accounts actually affected?
A few million people suing Facebook could be a good idea. Unless by using this disservice they accepted to surrender their right to sue together with their right to privacy, to freedom of speech and their first born child.
Facebook only cares about making money off people. They are like pimps in the hood. The only time they pretend to care is when they cannot escape the fact they were hacked, and then out come the “We are sorry” platitudes.
Thank you, Martin, for providing the “Security Notice page” link, but it is useless to me since I cannot sign in to see what Facebook reports.
I was suspicious of Facebook from their very founding over a decade ago, so I never signed up. I warned and discouraged people I know from ever signing up.
However, I know people who have accounts, and they might have mentioned my name in their posts. They might have posted a picture which included me, and which Facebook then scanned with their “facial recognition” software.
I’m sure that Facebook has by now figured out who I am, where I live, what I look like, and who my friends are. They put a lot of effort and resources into snooping on the whole planet. Will this turn out well for humanity?
To sum up my personal situation, I have no “user name” with which to sign in to Facebook to see what they know about me. I’d like to have these data scrubbed.
I feel sorry for those whose accounts might have been hacked, and for those who signed up expecting something useful but which turned out pernicious, and for those like me whose personal data was swept up without permission, the data having been innocently posted by well-meaning friends.
I’ve never subscribed to Facebook. As well as George P. Burdell states it in his comment I’ve been suspicious from the very start, though I’d rather say blocked in the face of so-called “social” websites, for tracking reasons (which may be limited by the user) and before all because I’ve always deeply disliked the very concept of those places : I don’t conceive a planetary hangar as a reasonable place to dialog, I believe one’s relational psychology is at 100% between two persons and reaches 0% above seven, which is why small groups always emerge from large ones. Not to mention the amount of hysteria and hatred found on those social arenas.
But I would care for more intimate collective circles; I’ve heard of ‘Diaspora’ and also, when visiting the WPD (Windows Privacy Dashboard) page (discovered with gHacks’ article a few days ago) of a place called ‘Discord’ but I pain to find information on what it’s all about.
Most Facebook users are addicted to the Face Inquisition site, so I’m afraid whatever scandal won’t touch them. There had been a fire in a Las Vegas casino and it was reported that were found after bodies with their handles still grabbing the machines… addiction is blind.
Martin, FYI… my message was slightly different than the one you posted, but was essentially the same outcome – attacker did not gain access.
“Our investigation is still ongoing, but based on what we’ve learned so far, the attackers did not gain access to information associated with your Facebook account.”
How do I find out if I was affected if I don’t have an account?
How do I gloat about having no concern about this at all, due to never opening a Facebook account in the first place, as it seemed pretty obvious to any sensible adult entering personal information in to a site like Facebook is probably an irresponsible idea, would lead to bad things happening.
Dude, then you probably don’t use credit cards, right?
I too deleted my account before Facebook notified the public of the hack or breach (on 8/7/18). So how do I find out if my account info was compromised without a current account to check the Security Notice page? FB gives no option to message them or contact them in any way.