How could the attackers use your information and what can you do to protect yourself?
FACEBOOK… SECURITY BREACH
Here’s what they have to say:
How could the attackers use this information and what can I do to protect myself?
Your privacy is incredibly important to us, and we’re very sorry this happened. While we don’t know if the attackers will use any of the information they accessed, it appears the information may allow them or other third parties to use it to create and spread spam on and off Facebook. We’re actively working with law enforcement as we continue to investigate.
Here are some things you can do to help prevent the misuse of your information:
- Be cautious of unwanted phone calls, text messages or emails from people you don’t know.
- Your email address and phone number can be used to target you with spam or attempts to phish you for other information. Learn more about phishing and how to protect yourself from it.
- If you get a message or email claiming to be from Facebook. you can always review recent security emails to confirm if it’s legitimate.
- Other information can be used to send you personalized emails and messages that might be an attempt to scam you.
If you have questions about this update, you can contact our privacy team.
More information on the security breach
An important update about Facebook’s recent security incident
We previously announced a security incident on Facebook and want to provide an update on our investigation. We have now determined that attackers used access tokens to gain unauthorized access to account information from approximately 30 million Facebook accounts. We’re very sorry this happened. Your privacy is incredibly important to us, and we want to update you on what we’ve learned from our ongoing investigation, including which Facebook accounts are impacted, what information was accessed and what Facebook users can do about this.
What is the status of Facebook’s investigation and what was learned?
- On September 25, 2018, we discovered that attackers had exploited a vulnerability caused by the complex interaction of three bugs in our system to obtain access tokens. Tokens can be used, like a digital key, to request certain information through our platform. We acted quickly to secure the site and began an investigation to determine if anyone’s Facebook information was accessed and how many users were impacted.
- To protect our users while we conducted an investigation, we invalidated the access tokens of almost 90 million accounts that were potentially impacted by the vulnerability. There’s no need for anyone to change their passwords, and if you’re still having trouble logging back into your account, learn what you can do.
- Starting September 28, we notified users who were logged out, explained why we did this and shared what we knew about the attack at that time. You can read more about this incident and our initial response. When we shared this initial response, we were still investigating and didn’t yet know if anyone’s Facebook information was accessed.
- We have now determined that between September 14 and 27, the attackers used the access tokens to get certain Facebook account information from our platform. These access tokens have been since invalidated, which prevents any further access to Facebook account information. Learn more about how this attack took place.
Our investigation is still ongoing, and if we have more information to share, we’ll let you know.
Is my Facebook account impacted by this security issue?
Yes. Based on what we’ve learned so far in our investigation, attackers accessed the following Facebook account information:
- Primary email address.
- Most recently added phone number.
Additionally, the attackers also accessed other account information, including:
- The following information associated with your Facebook account:
- Date of birth.
- Types of the devices you’ve used to access Facebook.
- The language you choose to use Facebook in.
- If you previously added this specific information to your Facebook account, it was also accessed:
- Relationship status.
- Current city.
- The 10 most recent locations you’ve checked in to or been tagged in. These locations are determined by the places named in the posts, such as a landmark or restaurant, not location data from a device.
- The 15 most recent searches you’ve entered into the Facebook search bar.
- People or Pages you follow on Facebook.
Based on what we’ve learned so far in our investigation, the attackers did not gain access to certain information, such as:
- Account passwords.
- Payment card or credit card information.
Source from https://www.facebook.com/help/securitynotice