Hackers captured data from 50 million Facebook users: what is known so far and how users can check whether their own profile is affected.
Facebook confirmed over the weekend that hackers were able to gain access to 50 million user profiles. By exploiting three different vulnerabilities, the attackers were able to access numerous social media profiles. Facebook is currently still investigating what data the cybercriminals are targeting and what purpose they are pursuing.
What is known so far is that the hackers could access chat content, pictures and videos while taking over an account. The attackers apparently downloaded private data from the profiles via the Facebook API. In response, Facebook has reportedly reset the access tokens for the 50 million affected accounts. For 40 million additional accounts on which the “View as” function was used last year, users were also made to enter their password again as a precaution.
How criminals hacked 50 million Facebook profiles
This attack is primarily based on “access tokens” that keep users logged on to Facebook. Without this digital key, account holders would have to enter their password each time they log in. In combination with security vulnerabilities in the video uploader and the “View as” function, cybercriminals were able to gain access to Facebook accounts without knowing the corresponding password.
As the security blog “The Hacker News” explains, this also lets hackers bypass two-factor authentication: only the access token is required to be treated as logged in.
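The token behaviour described above, and the token reset Facebook reportedly carried out, as an added example that is not Facebook's code: a toy session store in which the password and second factor are checked only at login, and every later request is accepted on the token alone until the server revokes it. The `SessionStore` class, its method names and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class SessionStore:
    """Toy bearer-token session store (hypothetical, not Facebook's design)."""
    def __init__(self):
        self._users = {}   # user -> (salt, PBKDF2 password hash)
        self._tokens = {}  # sha256(token) -> user; raw tokens are not stored

    @staticmethod
    def _pw_hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, self._pw_hash(password, salt))

    def login(self, user, password, second_factor_ok):
        """Password and second factor are checked here, and only here."""
        salt, stored = self._users[user]
        if not hmac.compare_digest(stored, self._pw_hash(password, salt)):
            return None
        if not second_factor_ok:  # stand-in for a real TOTP/WebAuthn check
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[hashlib.sha256(token.encode()).hexdigest()] = user
        return token

    def authenticate(self, token):
        """Later requests: presenting a valid token is the whole check."""
        return self._tokens.get(hashlib.sha256(token.encode()).hexdigest())

    def revoke_all(self, user):
        """Server-side reset: drop every token issued for this user."""
        stale = [k for k, u in self._tokens.items() if u == user]
        for k in stale:
            del self._tokens[k]
        return len(stale)


def demo():
    store = SessionStore()
    store.register("alice", "correct horse")  # constructed sample account
    token = store.login("alice", "correct horse", second_factor_ok=True)
    before = store.authenticate(token)  # no password or 2FA asked again
    revoked = store.revoke_all("alice")
    return before, revoked, store.authenticate(token)
```

After `revoke_all`, the old token is rejected and the account holder has to pass the password and second-factor check again to obtain a new one.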
Facebook account hacked – what to do?
Facebook users should first check whether their account is affected by the current wave of attacks. In the desktop view, the menu is hidden behind the arrow at the top right. A click on Settings takes the user to a new page, where they select Security and Login in the left column. Under “Where you are currently logged in”, Facebook then shows where the most recent logins were made.
If a login looks out of place, a click on “This is not you” in the menu next to the corresponding entry will help. Users then follow the instructions for “Back up account”, which also include setting a new password.
Users who log in to third-party sites with Facebook should confirm the connection again. This renews the access tokens. Instagram users should also reconnect their account if they sign in via Facebook.
Data scandal could lead to fines
Facebook has now been able to close the security holes and is working with the FBI to investigate the incident. For some users the company's efforts are not enough, as the class action lawsuits filed in the USA show.
In addition, there are the amended GDPR regulations, which could result in legal action against the company. The European Union is already gathering information on the nature and extent of the hacker attack on Facebook. The company could face a fine of up to 1.4 billion euros from the EU, according to the Wall Street Journal website.
The extent to which trust in Facebook has been shaken remains to be seen. After all, a scandal in March 2018 involving the stolen data of 50 million users has already left its mark on the company's record. It is possible that some users do not feel sufficiently protected and will deactivate their profiles.