According to a blog post published by Facebook (FB) on September 28th, 2018, its engineering team discovered that 50 million accounts were affected by a security issue. In practice, a vulnerability in FB code allowed hackers to steal FB access tokens. The full article can be read here.
It is interesting to look at the details of the hack according to the FB VP of product management:
- “For about 15 million Facebook users, attackers accessed two sets of information: usernames and contact information including phone numbers, email addresses and other contact information depending on what users had on their profiles.
- For about 14 million Facebook users, attackers accessed an even wider part of their personal data, including the same two sets of information mentioned above, along with other details users had on their profiles, like gender, language, relationship status, religion, hometown, current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or pages they follow, and the 15 most recent searches.
- A remaining 1 million Facebook users did not have any personal data accessed by the attackers.”
This type of incident shows once more the need to build cyber-security measures in at software design time, and also to have the right tools to detect and prevent hack attempts as they happen. FB has recently been finding it harder to detect and contain potential breaches, as new features are rolled out fast and its business model changes and adapts rapidly, to the detriment of proper security measures and preventive actions.