However, the social networking giant has now confirmed that the security breach has actually affected nearly 30 million accounts, which is less than the originally estimated 50 million. Additionally, hackers weren’t able to access more sensitive information like password or financial information, as well as third-party apps weren’t affected, the company said. Of the 30 million accounts, hackers were able to successfully access personal information from 29 million Facebook users. However, the hackers were not able to get access to information about the accounts of one million people. Out of those 29 million accounts, hackers were able to name and contact details (phone number, email, or both, depending on what people had on their profiles) of 15 million people. Further, in case of another 14 million people, besides stealing information in regard to name and contact details, they also stole other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches. “First, the attackers already controlled a set of accounts, which were connected to Facebook friends. They used an automated technique to move from account to account so they could steal the access tokens of those friends, and for friends of those friends, and so on, totalling about 400,000 people. In the process, however, this technique automatically loaded those accounts? Facebook profiles, mirroring what these 400,000 people would have seen when looking at their own profiles,” said Guy Rosen, Facebook Vice President of Product Management in a news release. “That includes posts on their timelines, their lists of friends, Groups they are members of, and the names of recent Messenger conversations. Message content was not available to the attackers, with one exception. If a person in this group was a Page admin whose Page had received a message from someone on Facebook, the content of that message was available to the attackers,” he added. Besides this, Rosen also added that the attackers had no information to data from “Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts.” Facebook stated that while they are continuing to investigate and are working to resolve the security breach discovered two weeks ago, they do not rule out the possibility of smaller-scale attacks. The social networking is working with the FBI, the US Federal Trade Commission, Irish Data Protection Commission, and other authorities to investigate who might be behind the breach. In the coming weeks, Facebook also plans to send customised messages to the 30 million people affected to explain what information the hackers might have accessed, and steps to protect themselves, including from suspicious emails, text messages, or calls. Facebook said that affected people can check whether their accounts were hacked by visiting ‘Help Center‘.
