Facebook has revealed on Friday that the recent Facebook Security Breach had impacted 30 million users not 50 million as first announced by the company.
The hack in September had allowed the attackers to gather millions of phone numbers and email addresses.
About 400,000 accounts were affected by the attack. First, the hackers already controlled a set of accounts. Automated techniques were used to move from account to account through Facebook Friends list to gain the access. They moved from friend list to friends and then from friends’ friends to their friends’ list.
Total of 30 million people was affected. The attackers access name and contact details of 15 million people, and for the 14 million people attacker accessed the same information as well as other details including username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches. For 1 million people, the attackers did not access any information.
Facebook has also informed people on how they came to know of the attack. The came to know of the attack when they noticed an unusual spike of the activity that began on September 14, 2018. They started the investigation and by September 25
It was determined this unusual activity was actually an attack and within two days people’s accounts were secured.
Facebook has also said the breach of the security is under investigation by FBI, and Facebook has been asked not to reveal the identity of the attackers.
“We are still looking at other ways the people behind these attacks may have used Facebook, and we haven’t ruled out the possibility of a smaller scale, low-level access attempts,” said Guy Rosen, Facebook vice president of product management, adding that the company had also notified the U.S. Federal Trade Commission and the Irish Data Protection Commission. People’s privacy and security are incredibly important, and we are sorry this happened,” Rosen said.
However, Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts were not attacked.