Facebook revealed that a hack in September 2018 allowed attackers to harvest millions of phone
numbers and email addresses. The company said hackers used 400,000 accounts under their control to gain the access tokens of 30 million Facebook users, according to a blog post. Access tokens are used by Facebook users to log into their accounts without having to type in their passwords
Among the 30 million affected users, 14 million had their names, contact information and sensitive information, such as their gender, relationship status and recent place check-ins, exposed to the attackers, Facebook said. Another 15 million users had their names and contact information breached, and 1 million users solely had their access tokens stolen. Facebook has reset the access tokens for all of those users.
• Facebook Take Step to Check Whether the account
is hacked or not
Facebook also published a website where users can go to check if their accounts were affected by the breach, and if so, to what degree their information was exposed.
What it cause
Three software flaws in Facebook's systems allowed hackers to break into user accounts, including those of the top executives Mark Zuckerberg and Sheryl Sandberg, according to two people familiar with the investigation but not allowed to discuss it publicly. Once in, the attackers could have gained access to apps like Spotify, Instagram and hundreds of others that give users a way to log into their systems through Facebook