Facebook revealed on Friday in which a previously announced security breach on its platform had a wide impact for some users, along with This particular confirmed in which the hack compromised personal along with contact information. The company said the FBI can be actively investigating the hack along with asked Facebook not to disclose any potential culprits.
The attack, detected in late September, exposed some users’ emails along with phone numbers, as well as profile information including gender, location, birth date, along with recent search history. In a blog post on Friday, Facebook did not apologize for exposing its users’ information although noted in which This particular was cooperating with the FBI, the US Federal Trade Commission, the Irish Data Protection Commission, along with different authorities on the issue.
The attack involved the capturing of Facebook “access tokens,” or digital keys in which allow websites to recognize who someone can be along with keep them logged in. Using accounts they already controlled, the attackers used an “automated technique” to exploit Facebook’s “View As” functionality along with steal access tokens for some 400,000 people. Hackers than used friend lists coming from a portion of those 400,000 affected accounts to obtain access tokens for another 30 million people. (Here’s how to find out if you were hacked.)
“For 15 million people, attackers accessed two sets of information – name along with contact details (phone number, email, or both, depending on what people had on their profiles),” the company said in its Discharge. “For 14 million people, the attackers accessed the same two sets of information, as well as different details people had on their profiles. This particular included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, along with the 15 most recent searches.”
The company said for about a million people, attackers did not access any information.
An FBI spokesperson acknowledged in which the agency had been in touch with Facebook, although declined comment.
When Facebook first announced the breach last month, This particular noted in which 50 million accounts had been affected, although in which This particular was unclear what those accounts were used for or what exact information had been accessed. Facebook also said in its initial statement in which This particular was investigating whether an extra 40 million accounts had been affected. While This particular pared in which number down on Friday, the company revealed in which a wide swath of information was available to attackers of affected accounts, including private messages in specific cases.
“Message content was not available to the attackers, with one exception,” Facebook said in its blog post. “If a person in This particular group was a Page admin whose Page had received a message coming from someone on Facebook, the content of in which message was available to the attackers.”
In a call with reporters on Friday, the company did little to divulge anything beyond its blog post, citing the ongoing FBI investigation. Guy Rosen, vice president of product management, noted in which affected users might be notified through the platform inside the coming days, along with in which the company might find ways to contact those who had their personal information compromised along with had already deleted their accounts.
For the time being, Facebook also shut down the “View As” functionality, which allowed users to see how their profiles appeared to different accounts. Facebook confirmed in which the attack did not affect Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts.