Facebook announced that on September 25, 2018, it discovered a security flaw that would allow hackers to hijack a person’s Facebook account. Facebook says there are 50 million accounts that it “know[s] were affected.” Another 40 million accounts may be affected, according to Facebook. Facebook has said it will send affected users a notification on their News Feed the next time they log into Facebook.

Impacted members may consider joining a Facebook data breach lawsuit or class action.

Hackers who used one of the 50-90 million stolen access tokens could have used them to gain “full access” to someone’s Facebook account, according to PCWorld, which could allow them to change the password to hijack the account, according to Facebook. LA Times posits that hackers may have been able to use access tokens to pose as the user to message and scam their friends, log into other applications that use Facebook login, or steal money from accounts linked to Facebook (such as someone’s Venmo account or credit card for Facebook Payments). A spokesman for Facebook said he could not “rule out” these possibilities, according to LA Times.

Was your Facebook account compromised?

We can help you find out, and if so, receive the compensation you are due. Contact us for a free consultation. No obligation.

 

  • This field is for validation purposes and should be left unchanged.

1-(800) 254-9493

How do I know if I’m included in the Facebook data breach (2018)?

Facebook says that it is resetting the tokens for all 90 million users who may be affected, so they’ll be forced to log in again on any device where they’ve chosen to “stay logged in.” Once these 90 million users log in again, they will receive a notification on their News Feed telling them they were affected.

Update: Facebook says it has also created a tool for users to check whether they were affected and if so, what information of theirs the hackers appear to have accessed. The tool is at: https://www.facebook.com/help/securitynotice.

The Facebook data breach notification says:

 

An Important Security Update

[Your First Name], your privacy and security are important to us. We want to let you know about recent action we’ve taken to secure your account.

Learn more.

Facebook data breach notification making user eligible for Facebook data breach lawsuit

Facebook’s Data Breach Notification

 

How many were affected by the Facebook data breach?

Facebook says it knows for sure 50 million users were included in the data breach. It says that 40 million more users may have been affected.

What caused the Facebook data breach?

On September 28, 2018, Facebook announced that it had discovered a data breach affecting between 50 and 90 million users. Facebook first noticed unusual activity on September 16, 2018, and launched an investigation, according to TechCrunch. Nine days later, it discovered that attackers had stolen user access tokens. Two days after that, it fixed the vulnerability that had enabled the data breach, according to TechCrunch

Facebook says that the attack exploited “multiple issues in our code,” including its “view as” feature, launched in 2013, and a change that Facebook made to its video uploading process in July 2017.

Facebook reports that hackers used the vulnerabilities in Facebook’s platform to steal “access tokens” for at least 50 million Facebook accounts. These access tokens, when used legitimately, tell Facebook that you’ve already logged in on your device, so you don’t need log in again, according to TechCrunch. But when exploited by hackers, the same access token can trick Facebook into thinking the hacker is already logged in (as you), according to cybersecurity expert Brian Krebs.

Security experts have warned about the insecurity of the Facebook platform since the launch of “Facebook Payments,” a feature that allows people to link credit accounts to Facebook and send payments through Facebook Messenger, according to CSO Online.

HackRead reports that Facebook users’ login information is already being sold on the dark web, an area of the internet that isn’t reachable through search engines but that hackers often use to sell information.

Our Data Breach experience

Our attorneys served in a court-appointed leadership role in the Anthem data breach class action, and helped achieve a $115 million settlement for victims of the Anthem data breach. The settlement received final approval from the court in August 2018.

Our data breach lawyers also currently serve in court-appointed leadership positions in the Equifax data breach lawsuit, Banner Health data breach lawsuit, and Excellus Health data breach lawsuit.

We’ve also achieved landmark results in our past data breach cases, including the Adobe data breach litigation, UCSF data breach lawsuit, and Health Net of California data breach litigation.

Our Data Breach Lawyers

Eric Gibbs

A founding partner at the firm, Eric has negotiated groundbreaking settlements that resulted in reforms to business practices, and have favorably shaped the laws impacting plaintiffs’ legal rights.

David Stein

David Stein focuses his practice on consumer protection and financial fraud. He has written and spoken for the American Association for Justice, Consumer Attorneys of California, and others.

David Berger

David Berger challenges unscrupulous behavior on behalf of consumers, whistleblowers, and injured parties. He litigates class actions, false claims act and privacy cases, and mass torts.

Aaron Blumenthal

Aaron Blumenthal represents consumers and whistleblowers in class action lawsuits involving allegations of corporate misconduct, false advertising, and defective products.

Amanda Karl

Amanda represents employees, consumers and investors in complex class action lawsuits throughout the country. She previously served as a law clerk to the Honorable Richard A. Paez, United States Court of Appeals for the Ninth Circuit, and to the Honorable Claudia Wilken, Northern District of California.

Caroline Corbitt

Caroline Corbitt is a graduate of the University of Southern California Gould School of Law and was a summer extern for the Hon. Laurel Beeler in the U.S.D.C., Northern District of California.

Affected by the Facebook data breach?

We can help. You may be entitled to participate in a class action lawsuit or recover damages. Contact us for a free consultation. No obligations. And we keep anything you tell us confidential.

  • This field is for validation purposes and should be left unchanged.

1-(800) 254-9493