Facebook says hackers got personal information from 29 million accounts

Facebook says hackers got personal information from 29 million accounts

On Friday, the social network said fewer users were affected in a security breach it disclosed two weeks ago than originally estimated almost 30 million, down from 50 million.

Hackers stole neither personal messages nor financial data and did not use their access to accounts users' accounts on other websites, the company said.

In a conference call today, Facebook's Guy Rosen said that the company was working with the Federal Bureau of Investigation, but had been advised not to comment on who the perpetrators might be. Before we get too deep into the weeds of how Facebook says the attack happened and what it's doing about it now, here's how to tell if you're one of the 30 million or so people affected.

Facebook shares have dropped by 1.1 percent since the statement was released. The company had initially said 50 million accounts were affected.

"In the process, however, this technique automatically loaded those accounts' Facebook profiles, mirroring what these 400,000 people would have seen when looking at their own profiles", Rosen wrote in the post.

Access tokens are used to save users the effort of logging in every time they want to use Facebook.

The social network previously confirmed to The Register that the accounts of Facebook CEO Mark Zuckerberg and COO Sheryl Sandberg were among those affected.

More news: Samsung Galaxy A9 Is Here

Facebook identified a spike in the activity of September 14, 2018, which led them to launch an internal investigation. For 15 million of those people, the hackers were able to get phone number, email address, or both.

The company believes its initial estimate of 50 million compromised login tokens - it reset 90 million in total as a cautionary measure - was generous, and Facebook now believes the number of accounts impacted to be closer to 30 million.

Facebook said in a security update that there's no need for anyone to change their passwords, although security experts say it couldn't hurt to do so.

Facebook says it's going to start alerting everyone whose accounts were compromised "in the coming days", but you can find out right now.

Facebook also stated that the attackers did not have access to information related to other Facebook services such as Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts.

Facebook Vice President Guy Rosen said in a Friday call with reporters that the company hasn't ruled out the possibility that other parties might have launched other, smaller scale efforts to exploit the same vulnerability before it was disabled.

The breach was the latest privacy embarrassment for Facebook, which earlier this year acknowledged that tens of millions of users had their personal data hijacked by Cambridge Analytica, a political firm working for Donald Trump in 2016.

Related Articles