Facebook Says Hackers Accessed Sensitive Information on 29 Million People
By RJ Johnson - @rickerthewriter
October 12, 2018
Last month, Facebook disclosed a possible security vulnerability that allowed hackers to access sensitive personal information from their account. On Friday, Facebook released an update on their investigation into the hack, saying far fewer people were affected by the attack than initially believed.
According to the blog post, instead of the company's initial estimate of 50 million accounts being compromised, 29 million accounts were affected by the security flaw discovered in Facebook's "View As" feature. The vulnerability allowed hackers to access a person's sensitive personal information, including their relationship status, hometown, education, the last ten places the user checked in at, and the 15 most recent searches the user performed, the company wrote.
For 15 million people, attackers accessed two sets of information – name and contact details (phone number, email, or both, depending on what people had on their profiles). For 14 million people, the attackers accessed the same two sets of information, as well as other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches. For 1 million people, the attackers did not access any information.
Facebook's security team says they were able to discover the hack after seeing an unusual spike in traffic that began on Sept. 14. After a short investigation, the team determined a hack was underway, and worked with engineers to identify the vulnerability. Within two days, a patch was issued, stopping the attack and securing people's accounts.
As a precaution, Facebook turned off the 'View As' feature. People can check to see if they were affected by the vulnerability by visiting a Facebook Help Center online, located here. The company contacted the FBI who is actively investigating the attack, the blog post said.
Two week ago, Facebook disclosed the security vulnerability found in the company's "view as" feature that allowed hackers to possibly take over a person's profile. The company initially believed 50 million accounts had been compromised, and even reset up to 90 million accounts as a precaution. The number was revised down by Facebook's security team in its update on Friday.
Photo: Getty Images