Nearly 30 million Facebook accounts were compromised in the latest security breach, the company announced Friday, about 20 million fewer than originally thought.
Guy Rosen, Facebook’s vice president of product management, wrote an update about the investigation into the bug, which was first reported at the end of September.
Mr. Rosen said the hackers gained access to about 400,000 accounts, which they used to steal login access tokens for 29 million accounts. Of those, 15 million had their name and contact information — phone number or email — compromised.
The attack was worse for another 14 million that not only had their name and contact information stolen, but also profile details such as hometown, self-reported current city, birthday, and the last 10 places they were checked in or tagged at.
The post said the bug rooted in the “View As” feature was discovered and shut down within two days. Officials are still looking into “smaller-scale” hacks.
The feature remains shutdown, and the stolen access tokens, which keep users logged in but allowed the hackers to control their accounts, were reset.
Facebook is cooperating with the FBI’s investigation into the security breach and therefore will not reveal the suspects behind the hack.
• Gabriella Muñoz can be reached at gmunoz@washingtontimes.com.
Please read our comment policy before commenting.