Has FB ever been hacked?

Facebook is one of the largest and most popular social media platforms in the world, with billions of users. Given its massive user base and the sensitive personal data it stores, Facebook is an attractive target for hackers and cybercriminals. Throughout its history, Facebook has faced numerous hacking attempts and security breaches of varying degrees of severity. While major security incidents have been rare, Facebook has not been immune to cyber attacks and data breaches.

Notable Facebook security incidents

Here are some of the most significant security incidents and hacks that have affected Facebook over the years:

View As feature hacked to steal access tokens (2018)

In September 2018, Facebook disclosed that a security vulnerability in its “View As” feature had been exploited to steal access tokens for about 50 million user accounts. Attackers used the stolen tokens to take over user accounts. The breach was the result of three distinct bugs in Facebook’s code and one misconfiguration issue that allowed the bugs to be chained together.

Cambridge Analytica data scandal (2018)

It was revealed in early 2018 that Cambridge Analytica, a political consulting firm, had harvested the personal data of up to 87 million Facebook users without their consent. The firm obtained the data via a quiz app and then used it for political ad targeting purposes. The incident highlighted Facebook’s lack of oversight in how third parties use its user data.

Facebook security bug exposed photos of 6.8 million users (2018)

In December 2018, Facebook revealed a photo API bug that gave app developers too much access to photos shared on the platform. As a result of the bug, apps could access photos that users uploaded but chose not to post, including photos uploaded to Facebook Stories. Up to 6.8 million users were affected by the bug.

Patreon data breach exposes FB user info (2015)

In 2015, the crowdfunding platform Patreon was hacked, resulting in a data breach of 15 gigabytes of data. The breached data contained sensitive personal information of Patreon users, including Facebook access tokens that could allow access to their Facebook accounts.

Palestinian hackers compromise Facebook accounts of public figures (2012)

In 2012, a group of Palestinian hackers calling themselves “Maverick” compromised several hundred Israeli Facebook accounts, including accounts belonging to senior military officials and politicians. The hackers posted anti-Israeli messages and images on the compromised profiles.

Facebook employee password theft (2012)

A Facebook engineer was fired in 2012 after using company passwords to access private customer accounts. The rogue employee used the passwords to spy on at least two women. While the breach was limited in scope, it highlighted insider threats at the company.

How did these attacks occur?

The hackers used a variety of techniques and exploits to carry out attacks on Facebook over the years:

  • Phishing attacks – Some hacking groups sent out fake login pages or compromised email accounts to steal Facebook users’ credentials.
  • Exploiting vulnerabilities – Bugs or weaknesses in Facebook’s code, systems or configurations were exploited to improperly access data.
  • Malware attacks – Malicious software installed on user devices has been used to steal Facebook login cookies and account access tokens.
  • Insider access abuse – Facebook employees with privileged access have abused their positions to improperly access user accounts.
  • Third-party apps – Weak oversight of what data third-party apps could access led to abuse, like in the Cambridge Analytica scandal.

Proper cybersecurity protections, fixes and limited data access could have prevented most of these incidents.

How did Facebook respond?

Facebook’s responses to the various security incidents and hacks included:

  • Notifying impacted users when their data was improperly accessed
  • Requiring affected users to log in again to refresh access tokens
  • Fixing underlying bugs, flaws and misconfigurations that led to the breaches
  • Limiting the data third-party apps could access through the Facebook platform
  • Improving encryption, anti-phishing protections, malware detection and other security measures
  • Firing employees responsible for some incidents
  • Updating its terms and privacy policies to better explain Facebook’s security practices and data access to users

However, Facebook faced criticism following some incidents for not quickly detecting or disclosing breaches. Its responses have improved over time with more robust security teams and procedures in place.

Lessons learned

The hacking incidents offer important lessons for Facebook and other major online platforms storing sensitive user data:

  • No system is completely immune to hacking, no matter its size or resources.
  • Continuous security improvements and bug fixes are essential due to the rapidly evolving threat landscape.
  • Defense-in-depth with multiple layered security controls is necessary to limit damage from inevitable incidents.
  • Strict oversight of third parties accessing user data is crucial.
  • Proper encryption of sensitive data can mitigate unauthorized access.
  • Timely incident detection and disclosure help limit fallout and restore trust.

Recent security improvements

Facebook has made considerable security improvements in recent years, including:

  • Implementing stronger data encryption, access controls and account protections
  • Expanding its bug bounty program to encourage ethical hacking to find flaws
  • Growing its security team to over 30,000 people
  • Building AI tools to detect malicious behavior and phishing attempts
  • Offering free security keys to high-risk accounts to block phishing
  • Enabling login alerts and two-factor authentication for users
  • Limiting third-party app permissions and access to data

These measures likely make Facebook more resilient to hacking attempts today compared to its earlier years.

Conclusion

Facebook has proven itself vulnerable to various hacking incidents, security bugs and data breaches over its history. Poor oversight of third-party data access, insider threats, lack of proper encryption, and gaps in security protections contributed to many of these incidents. However, Facebook has continuously improved its security and defenses over time. Significant investments in security personnel, AI-driven tools, encryption, access controls and audits help strengthen Facebook against emerging and evolving threats. While risks remain, Facebook today has far more robust cybersecurity policies and practices in place than it did just five years ago.