MENLO PARK, CA (CelebrityAccess) — Facebook on Friday revealed more details about the hack they disclosed last month, saying the breach allowed attackers to harvest millions of phone numbers and email addresses from the social media giant’s users.
In a blog post on Friday, Facebook said the attackers exploited a vulnerability in Facebook’s code that existed between July 2017 and September 2018. The exploit allowed the attackers to use 400,000 compromised accounts to steal access tokens from the user’s Facebook friends and then friends of friends.
However, Facebook said that the attack affected fewer users than initially thought.
“Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen,” Facebook’s Guy Rosen, VP of Product Management said in the post.
“For 15 million people, attackers accessed two sets of information – name and contact details (phone number, email, or both, depending on what people had on their profiles). For 14 million people, the attackers accessed the same two sets of information, as well as other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches. For 1 million people, the attackers did not access any information,” Rosen added.
Facebook said that users can check to see if they were affected by the breach via the company’s Help Center and said that in coming days, they will send customized messages to the 30 million affected users providing additional information and resources.
Rosen also noted that the compromise did not extend to Facebook’s Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts.
The revelation of the data compromise is just the latest blow suffered by the social media company this year. The company faced strong criticism over its handling of disinformation campaigns during the 2016 election, leading to several key Facebook execs, including Mark Zuckerberg and Sheryl Sandberg both being summoned to testify in front of a Senate subcommittee.
Since July, when the company’s market cap briefly passed $1 trillion USD, the company has lost roughly 30% of its value, with shares trading at $153.74 at close on Friday.