Washington DC [USA]: Social networking giant Facebook Inc. clarified that hackers accessed personal information of accounts of almost 30 million users. Earlier, Facebook had said that a security breach had affected the accounts of as many as 50 million people.
In a statement, Facebook said that hackers accessed the name, contact details and other information of the accounts of 14 million people. It added that hackers also stole information in regard to name and contact details of the accounts of another 15 million people. This also included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or pages they follow, and the 15 most recent searches.
The cyber attackers, however, did not gain access to information of the accounts of one million people. “First, the attackers already controlled a set of accounts, which were connected to Facebook friends. They used an automated technique to move from account to account so they could steal the access tokens of those friends, and for friends of those friends, and so on, totalling about 400,000 people. In the process, however, this technique automatically loaded those accounts’ Facebook profiles, mirroring what these 400,000 people would have seen when looking at their own profiles,” the statement said.
“That includes posts on their timelines, their lists of friends, Groups they are members of, and the names of recent Messenger conversations. Message content was not available to the attackers, with one exception. If a person in this group was a Page admin whose Page had received a message from someone on Facebook, the content of that message was available to the attackers,” it added. Facebook stated that they have been working to resolve the security breach discovered two weeks ago, while adding that it did not rule out the possibility of smaller-scale attacks.
Explaining the breach, Facebook said, “The attackers exploited vulnerability in Facebook’s code that existed between July 2017 and September 2018. The vulnerability was the result of a complex interaction of three distinct software bugs and it impacted ‘View As,’ a feature that lets people see what their own profile looks like to someone else. It allowed attackers to steal Facebook access tokens, which they could then use to take over people’s accounts.” Facebook underlined that they would be sending customised messages to the 30 million people affected by the breach of information accessed by the hackers and steps to protect themselves, including from suspicious emails, text messages, or calls. The social networking giant said that the people can check whether their accounts were hacked by visiting ‘Help Center’.