The Facebook hack ‘only’ affected 30 million accounts — what we know about the Hackening

Additional information has surfaced that the Facebook hack that occurred on 25 September affected a total of 30 million accounts, instead of the 50 million initially reported. Yup, that makes us feel much better. Thanks Facebook.

We already know what happened. Facebook’s ‘View as’ feature was compromised to give hackers access to user accounts. They started out with control of around 400,000 accounts, and shifted over to controlling accounts belonging friends of the first accounts. Then hackers went after friends of those friends and friends of… you get the idea.

Affected users would have received a security message from Facebook some time this weekend, or early this morning. This message should tell you exactly what happened and what information was compromised. The message you get varies, as the affected users are split into three categories.

The lucky ones

Among the 30 million unlucky users, there are 1 million lucky ones — those whose accounts were compromised without any personal information taken. Even then, it can’t feel good to be on the list, even in this category. 

It’s a bit like finding out someone was in your house when no one was home but… they didn’t take anything. You’ll feel slightly violated, but still moderately safe. Especially since Facebook mentions that, “We’re cooperating with the FBI, which is actively investigating and asked us not to discuss who may be behind this attack”. Okay, maybe not that safe…

The unlucky ones

Half of the affected, around 15 million users, had a total of two pieces of information stolen — their names and contact details (which includes a phone number, email, or both, depending on what people had on their profiles). Which may not be as concerning, because this info is already available freely on most profiles.

It’s still very valuable information for advertisers, and although we don’t quite know who coordinated the hack, we can bet it’s not those darned advertisers or some ‘big data’ firm. Facebook usually makes those guys pay for that info. 

The unluckiest ones

If you fall into this category you have reason to panic at least a little bit. Of the 30 million accounts hacked, at least 14 million of them had a substantial amount of personal information compromised.

This includes the user’s, “username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches”.

Although Facebook mentioned that the hackers weren’t able to access messages sent by these users, they did have access to messages sent to Pages those users are admins of.

How to check if you’ve been hacked

There are a few options if you’re still not sure if your account has been hacked. Although Facebook should have sent you confirmation of your involvement already, there are other ways to check your hacked status if you’re the paranoid type. 

First and foremost, make sure you’re the only one logged into your Facebook account — Go to Settings – Security and Login – Where You’re Logged In. If you see any strange logins, log out of those devices and inform Facebook by clicking Not You?.

Other obvious things that could prove you were hacked are: unwanted changes of your name, birthday, email or password. If you allegedly sent out friend requests to people you don’t know, or spot messages that you didn’t write then alarm bells should be going off. And of course if you’re seeing posts on your timeline you haven’t created, um… panic? And then notify Facebook.

It’s also a good idea to secure (or, if you’re feeling daring — delete) your Facebook account even if you weren’t affected this time. Hackers are always lurking, and our trust in Facebook is withering. Quickly. 

Source: Facebook blog