Privacy & Security 2 min. read

Facebook’s recent hack was started by attackers targeting their own friends

Facebook’s recent hack was started by attackers targeting their own friends

What’s a little hacking between friends? Apparently, it’s no big deal if you’re the hackers behind Facebook’s latest scandal.

Facebook has shared more info surrounding its giant hacking. Some of that information is good news, like how the estimated 50 million users affected is actually more like 30 million users. Some of it is not so good, like how 14 million of those users had sensitive data stolen like their location — showing the last 10 places a victim was tagged.

Went to a pumpkin patch with your kids last month? Or made several trips to the hospital for a sensitive health issue you’re dealing with? Chances are, if you were a victim, the cybercriminals have that private information.

When combined with other data collected, like your search history, birth date, email address, phone number, and much more, the criminals can paint a pretty accurate picture that can then be used to exploit you in any number of scams.

How did this hack start?

According to Facebook, the hackers actually went after their own friends first. They used a vulnerability in Facebook’s “View As” feature to steal their friends “access tokens” (effectively the keys to their accounts). Once they had those, they stole the friends of their friends’ access codes, and so on. This initial step was done automatically until they had amassed 400,000 accounts within their own network.

For those initial victims, the hackers could see timeline posts, friend lists, what groups they were members of, and who they had recently sent messages to. Once they had gathered that data, they then spread the hack beyond their immediate network and targeted the remaining roughly 29.5 million people.

It took Facebook 11 days to figure out that something was wrong. On September 25 a spike of activity caused it to learn that it was under attack, but for those previous 11 days, the attackers were feverishly hacking new users on a huge scale, stealing their private information, all without anyone knowing.

It’s currently unknown why the hackers initially targeted their friends. Maybe they saw them as guinea pigs to test out their hack on a smaller scale before unleashing it on the general public.

Either way, the whole situation will undoubtedly lead to new scams that will cost victims thousands upon thousands of dollars. It’s more evidence that corporations need to do a better job protecting their users and that the people themselves should look at tools to keep them safe online. After all, why rely on others when you can take matters into your own hands?

Looking to protect your online privacy and prevent attacks from hackers? You can download Hotspot Shield today for free and keep all of your devices secure.

Download Hotspot Shield for FREE

Get the latest stories and tips from Hotspot Shield in your inbox