It looks like Facebook is sinking deeper and deeper into a bottomless pit of controversy surrounding users’ privacy and security. In a new low in the company’s murky history spanning about a decade, Facebook admitted Oct 13, 2018, that user data of around 30 million users might have been compromised during the Sep 2018 cyberheist.
In case you haven’t paid attention to it yet, the largest social network in the world suffered yet another cyber attack earlier on Sep 2018. Now, that wouldn’t be that big a news considering Facebook’s unapologetically questionable attitude towards users’ concerns about privacy and security of their data. However, the scale of the Sep 2018 attack was just too big to ignore, even though the company initially attempted to play it down. Earlier estimates suggested that the attackers may have obtained access to user data belonging to about 50 million Facebook users. The company is now saying that the damage was less than what they had earlier anticipated.
“We now know that fewer people were impacted than we originally thought. Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen,” said Guy Rosen VP of Product Management at Facebook. The attackers deployed an automated method to grab access tokens using Facebook accounts they already had access to. It took some time, but the attackers eventually got access to data belonging to nearly 30 million users.
Rosen also clarified that the attackers obtained access to only Facebook accounts and other Facebook-owned services such as Instagram and WhatsApp were not breached. He further stated that the company is currently cooperating with the FBI to identify the attackers.