Facebook announced that on September 25, 2018, it discovered a security flaw that would allow hackers to hijack a person’s Facebook account. Facebook says there are 50 million accounts that it “know[s] were affected.” Another 40 million accounts may be affected, according to Facebook. Facebook has said it will send affected users a notification on their News Feed the next time they log into Facebook.

Impacted members may consider joining a Facebook data breach lawsuit or class action.

According to PCWorld, hackers who used one of the 50-90 million stolen access tokens could have gained “full access” to someone’s Facebook account. According to Facebook, that access could allow them to change the password and hijack the account. LA Times posits that hackers may have been able to use access tokens to pose as the user to message and scam their friends, log into other applications that use Facebook login, or steal money from accounts linked to Facebook (such as someone’s Venmo account or credit card for Facebook Payments). A spokesman for Facebook said he could not “rule out” these possibilities, according to LA Times.

Was your Facebook account compromised?

We can help you find out, and if so, receive the compensation you are due. Contact us for a free consultation. No obligation.

 


1-(800) 254-9493

How do I know if I’m included in the Facebook data breach (2018)?

Facebook says that it is resetting the tokens for all 90 million users who may be affected, so they’ll be forced to log in again on any device where they’ve chosen to “stay logged in.” Once these 90 million users log in again, they will receive a notification on their News Feed telling them they were affected.

Update: Facebook says it has also created a tool for users to check whether they were affected and if so, what information of theirs the hackers appear to have accessed. The tool is at: https://www.facebook.com/help/securitynotice.

The Facebook data breach notification says:

 

An Important Security Update

[Your First Name], your privacy and security are important to us. We want to let you know about recent action we’ve taken to secure your account.

Learn more.


Facebook’s Data Breach Notification

 

How many were affected by the Facebook data breach?

Facebook says it knows for sure 50 million users were included in the data breach. It says that 40 million more users may have been affected.

What caused the Facebook data breach?

On September 28, 2018, Facebook announced that it had discovered a data breach affecting between 50 and 90 million users. Facebook first noticed unusual activity on September 16, 2018, and launched an investigation, according to TechCrunch. Nine days later, it discovered that attackers had stolen user access tokens. Two days after that, it fixed the vulnerability that had enabled the data breach, according to TechCrunch.

Facebook says that the attack exploited “multiple issues in our code,” including its “view as” feature, launched in 2013, and a change that Facebook made to its video uploading process in July 2017.

Facebook reports that hackers used the vulnerabilities in Facebook’s platform to steal “access tokens” for at least 50 million Facebook accounts. These access tokens, when used legitimately, tell Facebook that you’ve already logged in on your device, so you don’t need to log in again, according to TechCrunch. But when exploited by hackers, the same access token can trick Facebook into thinking the hacker is already logged in (as you), according to cybersecurity expert Brian Krebs.

Security experts have warned about the insecurity of the Facebook platform since the launch of “Facebook Payments,” a feature that allows people to link credit accounts to Facebook and send payments through Facebook Messenger, according to CSO Online.

HackRead reports that Facebook users’ login information is already being sold on the dark web, an area of the internet that isn’t reachable through search engines but that hackers often use to sell information.

Our data breach experience

Our attorneys served in a court-appointed leadership role in the Anthem data breach class action, and helped achieve a $115 million settlement for victims of the Anthem data breach. The settlement received final approval from the court in August 2018.

Our data breach lawyers also currently serve in court-appointed leadership positions in the Equifax data breach lawsuit, Banner Health data breach lawsuit, and Excellus Health data breach lawsuit.

We’ve also achieved landmark results in our past data breach cases, including the Adobe data breach litigation, UCSF data breach lawsuit, and Health Net of California data breach litigation.

About Us

Gibbs Law Group is a national litigation firm representing plaintiffs in class and collective actions in state and federal courts, and in arbitration matters worldwide. The firm serves clients in securities and financial fraud, antitrust, consumer protection, whistleblower, personal injury, and employment cases. We are committed to achieving favorable results for all of our clients in the most expeditious and economical manner possible.

As a result, our attorneys are frequently recognized by the courts, our peers, and the legal media for their ability to provide the highest caliber of legal service. Our attorneys take pride in their ability to simplify complex issues; willingness to pursue narrow and innovative legal theories; ability to work cooperatively with other plaintiffs’ firms; and desire to outwork and outlast well-funded defense teams. Eric Gibbs was listed among the Daily Journal’s “Top 30 Plaintiff Lawyers in California for 2016,” named Law360’s “2016 Consumer Protection MVP,” and included among the “Top 100 Super Lawyers” in Northern California.

Affected by the Facebook data breach?

We can help. You may be entitled to participate in a class action lawsuit or recover damages. Contact us for a free consultation. No obligations. And we keep anything you tell us confidential.


1-(800) 254-9493