At the end of September, Facebook admitted that it had experienced the largest hack in the company's history: It said up to 50 million Facebook users' personal information may have stolen, and that it was investigating an additional 40 million accounts in case they were potentially compromised, too. On Friday, the company clarified that only (relatively speaking, of course) 30 million people were affected by the hack, though 1 million of those people didn't have any information stolen. The attack was possible through a vulnerability in Facebook access tokens, which allow users to stay logged into the social network in their browser and access other sites using their Facebook login. Facebook says that the hackers, who haven't been identified, accessed the names and contact details of 15 million people. That could include their phone numbers and email addresses, depending on what information they had shared on Facebook.
Cybersecurity experts revealed a few days ago that over half a billion Facebook users' personal information have been leaked. It's a gold mine of data, which includes users' full names, birthdays, locations and phone numbers. Although Facebook claims that the actual hack happened a couple of years ago, it won't hurt if users made sure their account is not part of the breach and if they are, they should take a few preventive measures to ensure future incidents as messy as this one won't affect them. Australian Security Researcher and HaveIBeenPawned Founder Tony Hunt recently added the 533 million phone numbers exposed in the Facebook data leak to his website. Those worried if their mobile numbers were part of the leak can visit the site and check if their number is there.
Researchers say 267 million Facebook accounts have been sold on an online black market for just $600. According to a report from researchers at the security firm Cyble the millions of accounts sold on the Dark Web contain personal information including first and last name, email addresses, phone numbers, Facebook ID's and more. Researchers purchased and verified the data themselves and have created a database for users to check and see if their email was included in the breach which can be viewed at AmIBreached.com. While the hack didn't include any hyper sensitive information like passwords, it did expose information that could be used to orchestrate phishing scams on people across the world. 'At this stage, we are not aware of how the data got leaked at the first instance, it might be due to a leakage in third-party API or scrapping,' reads a blog post from the researchers.
Police in Washington, D.C. want Facebook to hand over data on protesters. The D.C. police department subpoenaed Facebook for information regarding several protesters arrested while demonstrating against the inauguration of President Donald Trump on Jan. 20. SEE ALSO: A Facebook Live video of torture stayed up for 30 minutes. A document obtained on Monday by CityLab shows the U.S. Attorney's Office for the District of Columbia issued a subpoena to Facebook on Jan. 27, which was signed by an officer at the police department. The document appears to show D.C. police are looking for the social data of several protesters.
Researchers have discovered yet another massive trove of sensitive data, a dizzying 1.2 TB database containing login credentials, browser cookies, autofill data, and payment information extracted by malware that has yet to be identified. This story originally appeared on Ars Technica, a trusted source for technology news, tech policy analysis, reviews, and more. Ars is owned by WIRED's parent company, Condé Nast. In all, researchers from NordLocker said on Wednesday, the database contained 26 million login credentials, 1.1 million unique email addresses, more than 2 billion browser cookies, and 6.6 million files. In some cases, victims stored passwords in text files created with the Notepad application.