Social networking giant Facebook Inc. clarified that hackers accessed personal information of accounts of almost 30 million users. Earlier, Facebook had said that a security breach had affected the accounts of as many as 50 million people. In a statement, Facebook said that hackers accessed the name, contact details and other information of the accounts of 14 million people.
But if comes the revelation that the attackers accessed name and contact details of 15 of the 30 million, and everything from gender to relationship status for another 14 million. Just 1 million of the 30 were lucky enough to not have any of their data compromised.
Facebook is already sending customised messages to the 30 million affected users to explain what has happened. It will also suggest steps to protect themselves. The only silver lining to this really dark cloud is that “Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts” have not been affected by this specific attack.
Facebook is not releasing country-specific data on who has been affected where. All the company is saying is that they are taking it seriously and working with the FBI and other agencies to investigate.
In a press call, Guy Rosen, Facebook’s VP of Product Management, said the attackers “moved from account to account using an automated script collecting tokens, repeatedly exploiting the vulnerability using access tokens for about 400,000 people”. The attackers then used the list of friends they collected to “eventually steal access tokens for about 30 million people”. So they accessed 400,000 accounts using the vulnerability in the View As feature.