Hackers accessed 29M Facebook accounts and stole personal data
NEW YORK — Facebook says hackers accessed a wide swath of information — ranging from emails and phone numbers to more personal details like sites visited and places checked into — from millions of accounts as part of a security breach the company disclosed two weeks ago.
Twenty-nine million accounts had some form of information stolen. Originally Facebook said 50 million accounts were affected, but that it didn’t know if they had been misused. The news comes at a jittery time ahead of the midterm elections when Facebook is fighting off misuse of its site on a number of fronts.
On Friday Facebook said hackers accessed names, email addresses or phone numbers from these accounts. For 14 million of them, hackers got even more data, such as hometown, birthdate, the last 10 places they checked into or the 15 most recent searches.
An additional 1 million accounts were affected, but hackers didn’t get any information from them. Facebook isn’t giving a breakdown of where these users are, but says the breach was “fairly broad.” It plans to send messages to people whose accounts were hacked. Facebook said third-party apps that use a Facebook login and Facebook apps like WhatsApp and Instagram were unaffected by the breach.
Facebook said the FBI is investigating, but asked the company not to discuss who may be behind the attack. The attackers gained the ability to “seize control” of user accounts by stealing digital keys the company uses to keep users logged in. They could do so by exploiting three distinct bugs in Facebook’s code.