On a conference call with reporters, Vice President of Product Management Guy Rosen said that at the request of the Federal Bureau of Investigation, which is investigating the hack, Facebook isn't providing any information about who the attackers are or their motivations or intentions.
Hackers stole personal information such as phone numbers and emails from as many as 30 million Facebook users as part of the most significant security breach in the company's history. The attack started out with the theft of tokens belonging to 400,000 people, which were then used to steal access tokens from the Facebook friends of those 400,000 people and onward until 30 million were hit.
Hackers did not steal personal messages or financial data and did not use their access to accounts to access users' accounts on other websites, Facebook said.
In a blog post providing the update, Guy Rosen, Facebook's vice president of product management, wrote that the hackers used an automated technique to steal access tokens of about 400,000 people, ultimately getting the tokens of 29 million users.More news: Best Google Pixel 3 Cases: The Ultimate List (2018)
For 14 million of the accounts, information included hometown, birthdate, the last 10 places they checked into or 15 most recent searches.
Facebook originally estimated that up to 50 million users had their information exposed, but that number has since dropped down to around 30 million. Facebook will also send messages directly to those people affected by the hack.More news: Soyuz Space Vehicle Designed to Safely Return Crew in Any Conditions - ASI
Facebook isn't giving a breakdown of where the users are located, but said the breach was "fairly broad". As we reported earlier, hackers used Security Tokens to access profiles of over 50 million users. Earlier this week the company said it had purged roughly 800 accounts and publishers that were sending out politically-motivated spam about the upcoming US midterm elections, sparking renewed controversy that Facebook is censoring political speech. But three errors in Facebook's software enabled someone accessing "view as" to post and browse from the Facebook account of the other user. Rosen said he can't rule out that the different campaigns exploited the same vulnerability during that time.
On September 25, the trend was identified as an attack, prompting programmers to close the vulnerability, which happened within two days, the tech chief said.
However it also said that the total number of users affected by the incident was smaller than initially assumed.
This is very bad for Facebook.More news: Hushand divorces wife after seeing her with another man on Google Maps
Last month, Facebook launched an investigation with the FBI and released a statement in response the the breach.