At the end of September, we learned that Facebook had been hacked. It was estimated that as many as 90 million of its users may have had their access tokens stolen by hackers. But now Facebook is saying that the number is only about 30 million. Why such a big discrepancy? Does that even matter? Yes and no. The 90 million is the number of users that Facebook logged out because it wasn’t sure how many people were affected. I do give Facebook a really hard time when it comes to almost everything, but this was a good move. Facebook forced these 90 million users to change their passwords – again a really good move by Facebook.
How do you know if you were one of the users whose access tokens were hacked? Over the next few days, Facebook will insert a customized message into your News Feed if you were impacted. The customized message will be, of course, custom to you – based on the extent of the damage to your particular account.
Guy Rosen, Facebook’s Vice President of Product Management, had this to say:
“People’s accounts have already been secured by the action we took two weeks ago to reset the access tokens for people who were potentially exposed—no one needs to log out again, and no one needs to change their password. We’ll be explaining what information the attackers may have accessed as well as steps they can take to help protect themselves from any suspicious emails or text messages or calls that could potentially result from this kind of information being exposed.”
Is this reassuring? I mean, I’m on the fence about that one. I think it’s good in that they’re being so open with their communication, but I’m not convinced that Facebook is doing anything over and above their obligations. The good news? One million of the 30 million users didn’t have any of their data compromised. The remaining 29 million users will see one of two messages, depending on the extent of the damage. Fifteen million of them had their names, email addresses, and phone numbers accessed by hackers. While that’s not ideal by any accounting, the remaining 14 million Facebook users are left with a much worse result.
In addition to this information, the list of details that the hackers accessed from those 14 million accounts is quite long: username, date of birth, gender, devices you used Facebook on, and your language settings – to say the least. If you filled out the relationship status, religion, hometown, current city, work, education, or website sections of your profile, they got that too. And most unsettling of all, they could have accessed the 10 most recent locations you checked into or were tagged in, and the 15 most recent searches you’ve entered into the Facebook search bar.
What does all this mean? Well, the good news is that 90 million people didn’t have this information handed over to hackers. The bad news is that this information was taken regardless, and now it’s you who has to deal with the fallout. I am an advocate for #DeleteFacebook, and the evidence in favor of that keeps mounting.