Two weeks ago, Facebook announced a security breach that allowed hackers to steal the data of millions of Facebook users. Today, they shared information on just how much data the hackers accessed.
The hackers had taken advantage of security flaws in the code of the social network’s “View As” feature, which allows users to see what their profile looks like to other users. Hackers used the flaw to steal access tokens, which are digital “keys” that allow users to stay logged in to the social network.
The hackers used a set of accounts that they controlled that were connected to Facebook friends, using an automated technique to move from account to account, collecting the access tokens in September of this year.
Hackers then obtained timeline posts, friend lists, groups, and the names of recent Messenger conversations from 400,000 users. They then used their friends list to steal access tokens for approximately 30 million people.
Of those 30 million, the hackers accessed name and contact details, including phone number and email address for 15 million users.
14 million users had the same information accessed, along with other data, including: username, gender, location, relationship status, religion, hometown, current city, birthdate, device types used to access Facebook, education, work, the last 10 places where they checked in, websites, people, Pages they follow, and 15 most recent searches.
Another 1 million users had their access tokens stolen, but had no other information stolen.
Facebook users wishing to learn if they were affected can find out through the Facebook Help Center. Facebook also plans to send customized messages to the 30 million users affected by the attack, with an explanation as to what information the hackers might have stolen.