'Only' 30 million accounts were compromised in Facebook hack


Posts: 422   +65
Staff member

That’s some good news at least. In a blog post yesterday, Facebook’s Guy Rosen went into further details about how the hack worked and what information was disclosed. Unfortunately, he revealed that 14 million accounts had been breached fully with names, contact details, usernames, gender, language, relationship status, religion, city, birthplace, age, friend lists, recent searches and more exposed in the attack. No passwords, however.

Private messages weren’t stolen, except for messages a page admin received from their group. Contact details, birthplace and date of birth could possibly be used for financial theft, but the only use of the rest of the information is for public manipulation. It’s possible that advertisers or political operatives would purchase such information and use it for targeted advertising. Facebook says that the attack has nothing to do with the US midterm elections – quite likely considering that many accounts were not American – but on request of the FBI, aren’t revealing their suspects.

"We are sorry this happened. We know we will always face threats from people who want to access accounts and steal information.”

As Rosen explains, hackers used the “View as” feature to steal the access tokens from their friends, then “used an automated technique to move from account to account, so they could steal the access tokens of those friends, and for friends of those friends, and so on, totaling about 400,000 people.”

The friends list from each of those 400,000 accounts was accessed, and a small portion of those friends were also hacked. But due to the high numbers of friends the average account has, that small portion was 30 million people. Many questions remain unanswered: was the selection of those accounts random? What was the hackers’ motive?

In the coming days Facebook will be sending out personalized messages to each of the accounts compromised, detailing the extent of the information stolen and advice on how to avoid any damage the data theft could cause. If you’re unsure if your account was affected, you can check at their Help Center.

All Facebook accounts that were hacked had already been secured within two days of Facebook discovering the attack, and no third-party apps were accessed, but you may like to add another layer of authentication if you're worried you reveal too much on your Facebook page.

Permalink to story.



Posts: 2,854   +199
I never got a message from FB I got word from FBF = FB Friends. I had locked down my account for friends only on everything use 2-layer login protection. Now real pain-in-the-neck to use. But necessary.


Posts: 2,643   +1,805
@Techspot, Do you guys have a visual timeline of every facebook security breach since 2009 or thereabouts?
  • Like
Reactions: Eldritch


Posts: 1,070   +118
Deactivated my facebook profile. simple. I wanted to clear out my data first, but c'mon what's really deleted in facebook?
  • Like
Reactions: DaveBG


Posts: 16,209   +4,970
Yeah, that's what I noticed too... Lots of ONLYs! It seems the author works for Facebook as a second job!
If you could read English as well as you imagine you can critique it, you'd notice the, "shock quotes", around the word "only" in the title.

Shock quotes are used as sarcasm in many cases, especially in imparting a completely opposite meaning to the word enclosed, which is the case in the title of this article.

Beyond that, @mongeese has merely reported the context of Facebook's press conference, and not simply typed out what you either think he should have said, or what you wanted to hear.

This is a staged hack, meaning the next 30 million victims will be targeted in a near future...
A good way for someone to avoid this, is to not be emotionally needy enough to join Facebook in the first place.


Scare Quotes[/SIZE]
Scare quotes (also called shudder quotes) are quotation marks used around a word or phrase not to indicate a direct quotation but to suggest that the expression is somehow inappropriate or misleading—the equivalent of writing "supposed" or "so-called" in front of the word or phrase.

Scare quotes are often used to express skepticism, disapproval, or derision. Writers are generally advised to use them sparingly.
Last edited:
I don't know whether it's due to recent hack or not, My ads account appeared to be charged with $50+ and that ad was not run by me!!! I have already reported to facebook.