A few weeks ago Facebook reluctantly announced that a whopping 90 million of its users may have had their ‘access tokens’, which keep you logged into your account, so you don't have to sign in every time, stolen by hackers.

However, it has now revised that figure put the actual number at a still considerable 30 million.

The company says that one million of the 30 million people who had their access tokens stolen didn’t have any of their data comprised.

Fifteen million users had their name, email addresses, and phone number accessed by hackers.
  • Fourteen million Facebook users lost basic contact information username, date of birth, gender, devices you used Facebook on, and language settings, at the very least. 
  • If you filled out the relationship status, religion, hometown, current city, work, education, or website sections of your profile, this was also likely hacked. 
  • Hackers could also have accessed the 10 most recent locations you checked into or were tagged in, and the 15 most recent searches you’ve entered into the Facebook search bar.

Over the next few days, Facebook will insert a message into the news feeds of the 30 million people whose accounts were impacted. The messages will be customised based on the extent of the damage.

Facebook said people’s accounts have already been secured by the action it took to reset the access tokens for people who were potentially exposed. No one needs to log out again, and no one needs to change their password, it added.
  • Facebook says they’ve seen no signs yet that attackers used its access tokens to infiltrate third-party apps and services, as was technically possible. 
  • It also says that no account passwords or credit card information was compromised.

That’s all well and good BUT…

For cyber fraudsters the amount of information, and its sensitive nature, is akin to discovering a diamond mine. Facebook says there is no evidence of the data being used in fraud.

But assuming the hackers did make off with this data, and who would bet against it, they could be sitting on it, waiting to release it onto hacker forums/websites on the dark web.

In short it could lead phishing campaigns on a near epic scale, not only in the future but also for several years.
Those who have had their accounts hacked should look out for:
Email or phone calls, purporting to be from legitimate organisations. These could include:
  • Companies/organisations that have been contacted via Facebook pages
  • Companies/organisations local to the area you live in
  • Utility companies, broadband and phone providers that deliver services to your local area
  • Financial services organisations local to the area you live in

This is an extensive list but fraudsters are nothing if not clever.
  • Names, addresses, phones numbers and so on, open up a world of possibilities to cyber fraudsters.

If you have the slightest doubt whatsoever contact the organisation yourself directly to verify whether they have contacted you.

Personal protection

Its hacks like these, with so much personal data lost, that drives people to lock down their information as much as possible.

For instance BullGuard Premium Protection monitors your personal data 24/7 and alerts you if it is detected anywhere on the internet or dark web.
  • A fraudster could use the information lifted in a hack such as Facebook to fraudulently apply for loans and even mortgages, open bank accounts and make a raft of expensive online purchase all in the victim’s name.
Simply, BullGuard Premium Protection ensures this won’t happen.