The unknown hacking group took advantage of a vulnerability resided in the View As feature.
The initial release of the hack estimated that at least 50 million users’ accounts could have been affected. However, the release today downgraded the number to 30 million.
It is worth to mention that according to Facebook, hackers did not manage to use the stolen access tokens to connect any third-time app data.
Facebook Security Breach Update
A blog post published on October 12 by Facebook Vice President of product management Guy Rosen, updates users with the further details on the data breach and hackers managed to successfully access personal data from 29 million accounts.
Hackers managed to access usernames and contact information such as phone numbers, email addresses from approximately 15 million Facebook accounts.
In addition, attackers managed to access even more from 14 million Facebook users. The accessed data include usernames and contact information and other personal details listed on users’ profiles, such as gender, language, religion, relationship status, date of birth, device types used to access their Facebook account and other data.
Finally, for the rest of the million impacted accounts, hackers did not access any personal data.
According to Guy Rosen, hackers had no data from Messenger, Instagram WhatsApp, Oculus, Pages, payments, Workplace, third-party apps, or advertising or developer accounts.
Any private message content was also not accessed. However, there is an exception for Facebook page administrators who had receive messages from someone on Facebook, because the content of these messages was exposed.
Check if you are one of the affected users
If you want to check if your account was affected by the data breach, you can visit its social network Help Center.
In addition, all of the affected accounts will be informed directly by Facebook. The company notes that the users will be informed what information hackers might have accesses and recommendations what they should do to protect themselves.
“People can check whether they were affected by visiting our Help Center. In the coming days, we’ll send customized messages to the 30 million people affected to explain what information the attackers might have accessed, as well as steps they can take to help protect themselves, including from suspicious emails, text messages, or calls.”
Facebook notes that they will continue to cooperate with FBI, the U.S. Federal Trade Commission and other authorities for further investigation on the breach.