The attackers were able to steal access tokens for about 30 million accounts in total, reports Facebook.
Facebook has said the attackers gained the ability to "seize control" of those user accounts by stealing digital keys the company uses to keep users logged in. Now, Rosen is reducing that estimate down to around 30 million who 'actually had their tokens stolen. The message will only appear if you're one of the 30 million people whose accounts were compromised, and if you are, the message will state to what extent your information has been compromised.
"In the process, however, this technique automatically loaded those accounts' Facebook profiles, mirroring what these 400,000 people would have seen when looking at their own profiles". The company has closed the vulnerability, stopped the attack, and secured the accounts by resetting the access tokens for those who were potentially exposed.
On Friday Facebook announced that those hackers had easily accessed names, phone numbers and email addresses from these accounts. This should not have an effect on passwords, but if you are experiencing problems while logging in, you can go here. It's a pretty extensive list: user name, gender, locale or language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places you checked into or were tagged in, your website, people or Pages you follow and your 15 most recent searches. For 1 million people, the attackers did not access any information.
Facebook's lead European Union data regulator, the Irish data protection commissioner, last week opened an investigation into the breach.
While hackers used access tokens to fool the site into thinking the login was authorized, there's no indication they had access to Facebook passwords, and it may not be necessary to change them.
Meghan Markle opens up about pregnancy symptoms - details
Meghan Markle has confirmed while on a royal tour of Australia that she's the type of guest anyone would like to invite over. Meghan's done some things with my dad, but in my heart, I love her and I want her and the baby to do well.
So far, there's no sign that the attackers accessed third-party apps, Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, or advertising/developer accounts.
Facebook Vice President Guy Rosen said in a Friday call with reporters that the company hasn't ruled out the possibility that other parties might have launched other, smaller scale efforts to exploit the same vulnerability before it was disabled.
Facebook, the world's largest social media network with more than 2 billion users, has faced rising criticism that it has failed to protect people's privacy.
We now know that fewer people were impacted than we originally thought.
"This doesn't sound very targeted at all", he said.
The company says it is now cooperating with the Federal Bureau of Investigation "which is actively investigating and asked us not to discuss who may be behind this attack".
- European Union calls for new proposals from Theresa May to break Brexit deadlock
- Drug-resistant salmonella from chicken sickens almost 100 in U.S.
- Deaths Of Missing Wisconsin Girl’s Parents Ruled Homicide
- Bellinger leads off vs. Brewers in Game 5
- Meghan brings a gift to Dubbo farm family
- Italian PM to EU: 'No room' for modifications on budget
- Mysterious Paralyzing Illness Like Polio Found Among Kids in 22 States
- Man Booker prize winner will pay off debts with award money
- M.J. Akbar resignation: Better late than never, says Opposition
- Federal Reserve unanimously backed higher interest rates, despite Trump