Facebook hack: 30 million user accounts were stolen by mysterious attackers, company says

For 14 million of those accounts, hackers got even more data, such as hometown, birthdate, the last 10 places they checked into or 15 most recent searches

Andrew Griffin
Friday 12 October 2018 20:35 BST
Some 30 million user accounts were stolen in a huge hack of Facebook, the company has confirmed.

The breach – the worst in the company’s history – appears to have been carried out by an unnamed attacker, Facebook suggested. It said the FBI was “actively investigating” the hacker, and that it had “asked us not to discuss who may be behind this attack”.

The company had already announced that around 50 million users’ data had been exposed when hackers stole login keys that allowed them to access profiles. But it wasn’t clear how many of them had actually been used.

Now it has admitted that the attack saw personal data on 30 million people stolen.

The hackers accessed names, email addresses or phone numbers from 29 million of those accounts. For 14 million of those accounts, hackers got even more data, such as hometown, birthdate, the last 10 places they checked into or 15 most recent searches. One million other accounts were affected but hackers didn’t gain information.

The social media service plans to send messages to people whose accounts were hacked.

While it seemed to suggest that one group of attackers was behind the large attack, it also said that it could not rule out “the possibility of smaller-scale attacks, which we’re continuing to investigate”, and so the total number of people affected could be even higher.

The attack did not affect other Facebook companies like WhatsApp and Instagram, it claimed.

For the first time, Facebook detailed how the hack had actually worked. It said the attacker already had access to 400,000 user profiles, which it was then able to use to steal “access tokens” for those accounts’ friends, using a major bug in the code that powers Facebook.

By escalating that attack and taking over friends’ accounts and then friends of those friends, the mysterious attacker eventually took over tens of millions of users’ accounts, it said.
