Hackers hit 30 million users: Facebook
FACEBOOK has revealed that millions of email addresses, phone numbers and other personal user information were compromised during a recent security breach.
The social media giant, which has more than two billion users worldwide, announced last month that engineers had discovered a “security issue” which affected 50 million accounts.
Yesterday, the company’s vice-president of product management, Guy Rosen, said “fewer people were impacted than we originally thought”, with access tokens stolen from around 30 million accounts.
Access tokens work as digital keys, letting those who hold them log into Facebook accounts without entering a password.
Shedding new light on the hack, Mr Rosen said the attackers used an “automated technique” to move from account to account, stealing tokens of friends-of-friends, “totalling about 400,000 people”.
This pool of 400,000 users allowed them to steal access tokens from 30 million, he continued. He wrote: “For 15 million people, attackers accessed two sets of information — name and contact details (phone number, email, or both, depending on what people had on their profiles).
“For 14 million people, the attackers accessed the same two sets of information, as well as other details people had on their profiles. This included username, gender, locale/language, relationship … and any of their other services, such as Spotify, Instagram or Tinder, which accept Facebook access tokens.
Messages between accounts were not compromised by the hackers, Mr Rosen said, except if the person was an admin whose page had received a message.
Facebook staff first noticed an “unusual spike of activity” that began on September 14. On September 25, the trend was identified as an attack, prompting programmers to close the vulnerability, which happened within two days, the tech chief said.
“We’re cooperating with the FBI which is actively investigating and asked us not to discuss who may be behind this attack,” his blog continued. Facebook users can check if they are affected by visiting its help centre.