Update: Facebook has just announced additional details on last month's data breach. The company now says that only 30 million accounts had their access tokens stolen instead of the 50 million they had originally believed, and of those 30 million, 15 million users just had their emails and phone numbers taken.
Worse, however, is that for 14 million unlucky users, the hackers were able to access both email info and phone numbers plus their "username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches" as well.
Thankfully, 1 million users of the targeted attack had no data stolen at all.
In an updated post on Facebook's newsroom (opens in new tab), the company says it's working with the FBI, who is actively investigating the situation, and therefore can't reveal who they believe were behind the attack.
Original story follows below...
Earlier this week Facebook discovered a breach in its security that compromised the data of nearly 50 million accounts. The announcement that the breach occurred was made on Friday and while authorities have been contacted, but Facebook has yet to discover where the attack came from or the full scope of it.
The breach was discovered by Facebook’s engineering team Tuesday morning and, according to a post on Facebook’s newsroom, the company says that 90 million users were forced to log out and log back in to verify their credentials.
According to Facebook, the attackers used the “View As” feature that allows users to see what their account looks like to their friends, family members and complete strangers to “steal Facebook access tokens which they could then use to take over people’s accounts”.
After the breach, Facebook says it will disable that feature until it can conduct a thorough security review.
What information was taken?
At the moment, Facebook has yet to reveal what data was affected by the breach but says that it’s working to figure that information out.
It doesn’t help that the company isn’t sure who the attackers are or where the attackers came from. Those details, according to Facebook, are still under investigation.
“We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens.”
Facebook has reset the access tokens for some 50 million accounts it knows were affected by the breach, alongside another 40 million other accounts that may have been affected.
For those worried they may be affected, Facebook is encouraging folks to visit the “Security and Login” section in their settings to log out of all the locations signed in with their account.
- These are the best internet security suites 2018