Two weeks ago, Facebook announced that it discovered a security breach allowing hackers to steal Facebook data from millions of accounts, and today, Facebook has shared exactly what information was stolen and for how many users.
Facebook’s VP of product management, Guy Rosen, detailed what it has found in the investigation of the attack. While it has confirmed that about 29 million users have had information compromised.
Hackers took advantage of a security flaw in the social network’s “View As” code, a feature designed to let people see what their profile looks like to someone else. The Facebook access tokens that hackers were able to obtain are basically digital keys that allow people to stay logged in to Facebook.
Hackers used a set of accounts that they controlled that were connected to Facebook friends. An automated technique was used to move from account to account, allowing them to collect access tokens in September 2018.
Using those access tokens, the attackers were able to gain access to personal information for roughly 29 million users. About half had their name, contact details including phone number and email exposed, while the other half had detailed information including birthdate, current city, and location data comprised.
Facebook says users can find out if they were victims of this attack by heading to its Help Center. Facebook is also going to reach out to all affected users and explain what information was compromised.
Facebook also shared that it is working with the FBI, US FTC and other officials to figure out who was behind this attack and other potential hacks that have yet to be revealed.