Recently, Facebook reported about data breach in which hackers used a flaw in Facebook’s “view as” feature to gain unauthorized access to millions of accounts. Now, the company has released a new statement, revealing more details related to the security breach.
After initially saying that the breach had impact on 50 million user accounts, the social media giant now says that the attackers stole data from 29 million accounts, fewer than what was initially reported. The company also said it would message affected users over the coming days to tell them what type of information had been accessed in the attack.
Facebook reveals that the information that was gained by the attackers includes name and contact info — phone numbers and emails — for all 29 million people. The hackers also collected a lot of other information on 14 million of those 29 million users, including but not limited to “gender, locale/language, relationship status, religion [and] hometown.”
The company says that additional 1 million accounts were also affected, but hackers didn’t get any information from them. It also added that third-party apps that use a Facebook login and Facebook apps were unaffected by the breach.
FBI is investigating the issue and Facebook says that it has been asked not to discuss who may be behind the attack. The company said it hasn’t ruled out the possibility of smaller-scale attacks that used the same vulnerability.
The attackers used the “view as” flaw with “a small handful” of accounts they controlled to capture data of their Facebook friends. They began with a set of accounts they controlled, then used an automated process to access the digital keys for accounts that were “friends” with the accounts they had already compromised. That expanded to “friends of friends,” extending their access to about 400,000 accounts, and went on from there to reach 30 million accounts.
Facebook has dealt with a lot of security and privacy issues so far in 2018, including its Cambridge Analytica scandal in which millions of users’ personal data was collected and sold to an outside political research firm. With this newly reported security breach, Facebook could end up paying up to $1.63 billion in fines, which is around 4 percent of its $40.7 billion global revenue for the last financial year.
