Facebook Security Incident - Update


Published on:

October 13, 2018

What happened and what’s changed?

In September 2018 Facebook revealed that it had experienced a data breach that was thought to have impacted around 50 million accounts. Overnight, Facebook revised its estimate of impacted users to 29 million accounts.

Details provided by Facebook about the nature of the breach have not changed. Facebook first detected the breach on 25 September 2018. The breach is believed to have occurred between 14 and 27 September 2018. The breach was malicious: the attackers exploited vulnerabilities in Facebook's handling of user access tokens. These tokens allow users to access their Facebook accounts without having to perform the login process each time. The information was accessed via Facebook's own systems and not the users' devices. In other words, it is believed that the information was not stolen because a user's device had been hacked.

What information was compromised?

Facebook has indicated that for around half of the impacted user accounts (around 15 million users), the token access enabled the compromise of name and contact information (such as email address and phone number). For 14 million other account holders, the attackers were able to access the same information in addition to username, gender, location, language, relationship status, religion, hometown, current city, birthdate, education, work, places where they checked in or were tagged, website, people or Pages followed, recent searches and device types used to access Facebook. For a further one million account holders, the attackers were able to access the tokens but did not access any other details.

Facebook has provided some details, which have been updated on its website at the Facebook Security Notice.

What are the risks relating to this information for users?

There are two predominant risks IDCARE has identified for users that have been exposed in this breach. The first relates to the risk to third-party accounts and services where the Facebook account is also accepted as a form of enrolment or authentication. There has been significant growth in third-party apps and online services that accept a Facebook login in place of their own credentials. Users are encouraged to review these accounts and, if necessary (and possible), amend their security settings. The period of greatest exposure was between 14 September 2018 and 28 September 2018: the period from when the attackers gained access to the tokens to when Facebook force-logged-out around 90 million user accounts.
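The forced logout described above is, from the service's side, a bulk revocation of access tokens. The following is an added illustration of that defensive pattern, not Facebook's or IDCARE's code: a small server-side token registry that can validate tokens, revoke every token issued inside an at-risk window (the incident-response step), and revoke all of one user's tokens (what happens when a user changes their password). The class and method names (TokenStore, issue, validate, revoke_issued_between, revoke_user) and the sample dates are assumptions constructed for the example; the dates simply reuse the 14 to 28 September 2018 window the advisory gives.

```python
"""Server-side access-token registry with bulk revocation.

Added illustration (not Facebook's or IDCARE's code). A long-lived token lets a
client skip the login step, so the service must retain the authority to kill
tokens server-side. Incident response then becomes "revoke every token issued
during the at-risk window", which is what a forced mass logout amounts to.
All names below are assumptions made for this example.
"""
from __future__ import annotations

import hashlib
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


def utc(year: int, month: int, day: int) -> datetime:
    """Convenience constructor for timezone-aware UTC dates."""
    return datetime(year, month, day, tzinfo=timezone.utc)


@dataclass
class TokenRecord:
    user_id: str
    issued_at: datetime
    expires_at: datetime
    revoked: bool = False


@dataclass
class TokenStore:
    # Records are keyed by the SHA-256 of the token, so a copy of the store
    # does not by itself yield usable credentials; the raw token lives only
    # with the client that was issued it.
    lifetime: timedelta = timedelta(days=30)
    _records: dict[str, TokenRecord] = field(default_factory=dict)

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id: str, now: datetime) -> str:
        """Mint an unguessable token and record who it belongs to and when it expires."""
        token = secrets.token_urlsafe(32)
        self._records[self._key(token)] = TokenRecord(
            user_id=user_id, issued_at=now, expires_at=now + self.lifetime)
        return token

    def validate(self, token: str, now: datetime) -> str | None:
        """Return the user id for a live token; None if unknown, expired or revoked."""
        rec = self._records.get(self._key(token))
        if rec is None or rec.revoked or now >= rec.expires_at:
            return None
        return rec.user_id

    def revoke_user(self, user_id: str) -> int:
        """Log one user out everywhere, e.g. after a password change."""
        n = 0
        for rec in self._records.values():
            if rec.user_id == user_id and not rec.revoked:
                rec.revoked = True
                n += 1
        return n

    def revoke_issued_between(self, start: datetime, end: datetime) -> int:
        """Incident response: invalidate every token issued inside the at-risk window."""
        n = 0
        for rec in self._records.values():
            if not rec.revoked and start <= rec.issued_at <= end:
                rec.revoked = True
                n += 1
        return n


def demo() -> dict[str, object]:
    """Constructed scenario: one token issued before the window, one during it."""
    store = TokenStore()
    before = store.issue("user-a", utc(2018, 9, 1))    # issued before the window
    inside = store.issue("user-b", utc(2018, 9, 20))   # issued during the window
    now = utc(2018, 9, 28)                             # day of the forced logout

    pre = (store.validate(before, now), store.validate(inside, now))
    revoked = store.revoke_issued_between(utc(2018, 9, 14), now)
    post = (store.validate(before, now), store.validate(inside, now))

    # user-a later changes their password: every token of theirs is revoked.
    revoked_user = store.revoke_user("user-a")
    after_password_change = store.validate(before, now)

    # A fresh token still dies of old age once its lifetime has passed.
    fresh = store.issue("user-b", now)
    expired = store.validate(fresh, now + timedelta(days=31))

    return {
        "pre": pre, "revoked": revoked, "post": post,
        "revoked_user": revoked_user,
        "after_password_change": after_password_change,
        "expired": expired,
        "unknown": store.validate("not-a-real-token", now),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Revoking only the tokens issued inside the window is the narrowest response; a service that cannot tell which tokens were exposed would call the same routine over its whole history, which is the "log everyone out" outcome the advisory describes.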

The second key risk relates to identity theft and what is known as "social engineering". For users who had username, gender, location, language, relationship status, religion, hometown, current city, birthdate, etc. compromised, this information can present identity theft and related fraud risks. Whilst this information alone presents minimal risk of identity theft (most often criminals need other credential information as well), it does present an opportunity to socially engineer engagements between criminals and users in order to elicit more sensitive personal information. IDCARE receives reports of this type of criminal engagement every day from across the Australian and New Zealand communities. Social engineering remains among the more common ways in which identity theft and related risks materialise.

For example, impacted community members have reported to IDCARE a current phishing campaign in which criminals present recipients with one of their old passwords and attempt extortion, trying to convince them that the criminals hold even more details that will be published unless payment is made. IDCARE assesses that this phishing campaign has leveraged data acquired from prior data breaches impacting other social networking services. This remains an enduring future risk for the Facebook users caught up in this most recent breach.

IDCARE advice to impacted users on what to do
  • Run anti-virus on all of your Internet-enabled devices and ensure you have updated your applications and operating systems.
  • Log out of Facebook, change your password and consider enabling second-factor authentication.
  • Log out of all other connected applications and services that rely on your Facebook username and password and log in using your new password.
  • Be very careful responding to emails, social media communications, and text messaging that ask you to open links or attachments.
  • Look for any unusual activity relating to your Facebook account and relevant third-party applications, such as login and usage histories, posts, or changes to rules, user access or related settings that do not match your own usage.
  • Limit the amount of personal information you store and share on Facebook and related social media.
  • Remove all personal information, including identity credential information, sent and received on your email accounts.
  • Keep checking Facebook for any further updates about this breach.

For more on Facebook security please see our Facebook Security Fact Sheet.
