In September, Facebook publicly acknowledged that an attack on its network had exposed the personal information of nearly 50 million users. So how do you know if your profile was exposed? And what kind of data has been stolen?
The social media giant said its engineers detected a “very serious” breach on September 25 in the feature called “View As”, which allows users to check what information other people can see about them.
A first sign that your account was exposed in the data breach is if you had to re-enter your login information, but this is not true in all cases.
Some users affected by the attack also received a notification in their profiles from the social network, warning them which of their data had been stolen “by a third party”: name, email address, and phone number.
“As of September 28, we notified users that they had been disconnected, we explained to them why we had done this and we shared what we knew about the attack at that time,” the company said in a statement.
A Facebook report indicates that the company believes this information was used for advertising purposes, but not on behalf of a politically motivated nation.
In fact, users who had previously received the notification have observed an increase in unwanted promotional emails in their inboxes, coming from all types of companies.
Facebook said attackers grabbed “tokens” for 50 million users’ accounts; these tokens would allow attackers to gain access to an account without a username and password.
Facebook also reset account sessions for another 40 million users for whom it has a record that someone used this exploitable feature, even where it believes that the use wasn’t malicious.
“We have now determined that attackers used access tokens to gain unauthorized access to account information,” the social network notes. The so-called “access token” is connected to the personal data of the user’s profile.
Facebook said that these access tokens have since been invalidated for almost 90 million users “who were potentially impacted by the vulnerability”, “which prevents access to account information”.
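The token behaviour described above, as an added example that is not Facebook's code: a toy session store in Python showing why a copied access token works without a password, and why invalidating tokens blocks it and forces a fresh login. The class, method and user names and the sample passwords are assumptions constructed for illustration.

```python
import hmac
import secrets


class SessionStore:
    """Toy bearer-token session store (illustrative, not Facebook's design)."""

    def __init__(self, passwords):
        self._passwords = passwords  # user -> password (constructed sample data)
        self._tokens = {}            # token -> (user, generation at issue time)
        self._generation = {}        # user -> current session generation

    def login(self, user, password):
        """Issue a token only after the password check succeeds."""
        expected = self._passwords.get(user)
        if expected is None or not hmac.compare_digest(expected, password):
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (user, self._generation.get(user, 0))
        return token

    def whoami(self, token):
        """Whoever presents a live token is treated as its user: no password asked."""
        user, issued = self._tokens.get(token, (None, None))
        if user is None or issued != self._generation.get(user, 0):
            return None
        return user

    def invalidate_users(self, users):
        """Bulk reset: every token already issued to these users stops working."""
        for user in users:
            self._generation[user] = self._generation.get(user, 0) + 1


def demo():
    store = SessionStore({"alice": "pw-a", "bob": "pw-b", "carol": "pw-c"})
    tokens = {u: store.login(u, p) for u, p in
              [("alice", "pw-a"), ("bob", "pw-b"), ("carol", "pw-c")]}
    copied = tokens["alice"]                  # a third party holding alice's token
    before = store.whoami(copied)             # accepted without any password
    store.invalidate_users({"alice", "bob"})  # confirmed + precautionary resets
    return {
        "before": before,
        "copied_after": store.whoami(copied),
        "bob_after": store.whoami(tokens["bob"]),
        "carol_after": store.whoami(tokens["carol"]),
        "alice_relogin": store.whoami(store.login("alice", "pw-a")),
    }
```

The password is never changed by the reset, which matches the article's point that affected users simply had to log in again.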