How to know if your account was hacked and what user information the hackers got
After the massive data theft that compromised the information of tens of millions of accounts, Facebook began sending personalized messages to inform people whether they were affected and how. Digital forensics specialists from the International Institute of Cyber Security inform users who have not received any notification from the social network that they can manually verify whether their account was hacked and what data could have been leaked.
A little context
As reported by several cybersecurity and digital forensics specialists, between September 14 and 27 an unknown attacker used vulnerabilities present in a Facebook feature to obtain the authentication tokens of tens of millions of users. It was initially estimated that between 50 and 90 million accounts had been compromised. After an additional investigation, Facebook said the number of hacked accounts was approaching 30 million. In a statement, Guy Rosen, Facebook product management VP, said:
“We now know that fewer people were affected than we originally thought. Of the 50 million people whose access tokens we believed were affected, about 30 million were stolen indeed”.
To check your account security and know what kind of information is in the hands of hackers, you can follow the steps listed below.
Security check
- First, you must log into Facebook on the same platform you are about to use to perform the verification. It does not matter which platform you use (desktop, mobile, iOS, Android, etc.), as long as you are logged into Facebook.
- You can then confirm whether your account was compromised by visiting the platform that Facebook set up for this purpose.
- This platform contains some updates on the ongoing research, as well as a personalized message for each user. Scroll to the end and look for one of these three messages (messages may vary depending on the user, but the overall idea is the same):
Does this security issue affect my account?
Based on what we know so far, your Facebook account has not been impacted by this incident. If we find more compromised accounts, we will restart the access tokens and notify the users. (In this case, the account has not been hacked).
Does this security issue affect my account?
Research is ongoing but, based on what we know so far, hackers did not get access to information associated with your Facebook account. (In this scenario, your Facebook account was hacked, but your personal information is safe).
Does this security issue affect my account?
The investigation is ongoing but, based on what we know so far, hackers accessed the following information:
- Name
- Primary email account
- Phone number most recently linked to the account
In addition, the attackers accessed other account details, including:
- Username
- Date of birth
- Gender
- Device types used to access Facebook
- Language used to access Facebook
(In this case, the user’s account is seriously compromised)
According to Facebook, for half of the compromised accounts (15 million people), the attackers accessed these two sets of information:
- Name
- Contact details (phone number, email, both, depending on the content of the user profile)
Additionally, another 14 million people could also have suffered the theft of the following data:
- Username
- Gender
- Language
- Relationship status
- Religion
- Hometown and residence city
- Devices used to access Facebook
- Education
- Work
- Visited pages
- Places visited
Hackers could use the information from those 14 million users for identity theft, spear phishing attacks, phone scams, or even attempts to take control of their other accounts based on the stolen information.
Despite the bleak picture, experts in digital forensics believe that there is some good news. For example, Facebook Messenger conversations were not compromised during this attack. According to Facebook, the same applies to Messenger Kids, Instagram, WhatsApp, third-party apps and advertising or developer accounts.
Facebook says that even if your data was compromised, changing your password will not improve the situation, as hackers did not steal passwords but access tokens, which they could use to compromise accounts without using access credentials.
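The difference between a password and an access token, as an added example that is not Facebook's code or part of the original article: a simplified token service in which, as the paragraph above describes, a password change leaves issued tokens valid and only a server-side token reset invalidates them. The class, function and account names are hypothetical.

```python
# Simplified model of bearer-token sessions (assumed design, not Facebook's code).
import hashlib
import hmac
import secrets

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

class SessionService:
    def __init__(self):
        self._passwords = {}   # user -> (salt, password hash)
        self._tokens = {}      # sha256(token) -> user; raw tokens are never stored

    def set_password(self, user, password):
        # Changing the password only replaces the stored hash; tokens are untouched.
        salt = secrets.token_bytes(16)
        self._passwords[user] = (salt, _kdf(password, salt))

    def login(self, user, password):
        salt, stored = self._passwords[user]
        if not hmac.compare_digest(stored, _kdf(password, salt)):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)
        self._tokens[_digest(token)] = user
        return token

    def whoami(self, token):
        # A request is authorized by the token alone; no password is involved.
        return self._tokens.get(_digest(token))

    def reset_tokens(self, user):
        # Server-side revocation: every outstanding token for this user is dropped.
        stale = [h for h, u in self._tokens.items() if u == user]
        for h in stale:
            del self._tokens[h]
        return len(stale)

def demo():
    svc = SessionService()
    svc.set_password("alice", "old-password")      # constructed sample account
    copied = svc.login("alice", "old-password")    # token that a third party later holds
    svc.set_password("alice", "new-password")
    after_change = svc.whoami(copied)              # token survives the password change
    revoked = svc.reset_tokens("alice")
    after_reset = svc.whoami(copied)               # token is rejected after the reset
    return after_change, revoked, after_reset, svc.whoami(svc.login("alice", "new-password"))
```

After the reset the account owner has to sign in again, which matches the forced re-login that a token reset produces.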
Here is some additional information that could help those users concerned about the security of their information:
- Facebook has shown serious deficiencies in the management of user data recently, which has generated a great loss of users
- Malicious actors have developed a strong affinity for attacking data custodians (corporations that are part of vast customer information groups) to perform fraud and extortion
- Never use a social network or an unencrypted messaging client to write or share something you would not want to leak
- Use end-to-end encryption and two-factor authentication on each platform that provides that possibility
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held cyber security researcher positions within a variety of cyber security start-ups. She also has experience in different industry domains like finance, healthcare and consumer products.