The breach resulted in the theft of data pertaining to more than fifty million of the site’s users.
Here’s what we know so far about the attack:
- The hackers pulled off their heist by taking advantage of three different vulnerabilities.
- Facebook detected the breach after spotting an unusual spike in traffic.
- Your password has not been compromised, but unfortunately, the hackers don’t need it.
- The hackers stole more than fifty million access tokens. These tokens can be used to take over Facebook accounts without passwords, even if you have two-factor authentication enabled.
- If you were in the compromised group, the hackers have every scrap of personal information you’ve entered into the social media site.
- If you use the “Logged in as Facebook” feature on other websites, those accounts are also at risk. The hackers can use the stolen tokens to access any site you log into with your Facebook credentials.
- You were logged out because Facebook reset the access tokens of everyone it suspected may have had their data stolen.
- To find out if you’ve been hacked, you can check “Active Sessions” on Facebook. If you see an unknown IP address, or a location in some other country, that’s a sure sign that you’ve been hacked.
- This breach is not connected in any way to the hacker who pledged to delete Mark Zuckerberg’s personal Facebook page.
In addition, Facebook is now facing a class-action lawsuit over the hack. The suit alleges that the company failed to protect users’ personal data from falling into the wrong hands because it lacked proper security practices.
While the vulnerabilities have been fixed, the class-action lawsuit has a good chance of succeeding. The investigation is still in its early stages, and there may be updates to this story as we learn more.