Facebook thinks the hackers that stole 29 million users' info were spammers not a nation state
- Facebook says 30 million users were affected by the massive hack it first disclosed two weeks ago.
- On Friday, the social-networking firm revealed more details about the attack — and said the FBI had asked it not to reveal who might be behind it.
- Hackers accessed millions of victims' highly sensitive personal data, including locations, relationship information, recent searches, and birth dates.
On Friday, Facebook provided more details about the attack that it first disclosed two weeks ago — and said the FBI had asked it not to discuss who might be behind the attack.
In its update, Facebook said that the company was cooperating with the American law-enforcement agency and that 30 million people were affected, down from its original estimate of 50 million. In the case of 14 million victims, the attackers gained access to a variety of data including locations, contact details, relationship status, and recent searches — highly sensitive data that could be used to facilitate identify theft.
It appears to be the worst hack in Facebook's 14-year history.
The hackers were able to exploit vulnerabilities in Facebook's code to get their hands on "access tokens" — essentially digital keys that give them full access to compromised users' accounts — and then scraped users' data.
"We're cooperating with the FBI, which is actively investigating and asked us not to discuss who may be behind this attack," the Facebook executive Guy Rosen wrote in a blog post.
"We now know that fewer people were impacted than we originally thought. Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen."
For 14 million victims, the attackers accessed a trove of user highly sensitive data, including gender, relationship status, religion, hometown, current city, birth date, devices used to log in, education, locations checked into, pages followed, recent searches, name, and contact details.
For another 15 million, the hackers accessed less information — only name and contact details.
And for 1 million affected users, the hackers did not access any information.
Users can check whether they were affected, and what information was accessed, by visiting Facebook's help center.