30 million Facebook users have personal data accessed by hackers

For one million accounts affected by the recent breach, hackers didn't gain any information, according to Facebook.

In its message to affected users, Facebook wrote, "We have more information abut the security incident we discovered on September 25, 2018". For 14 million, the attackers were also able to scrape virtually all the other data available on members' profile pages.

But you don't have to wait for Facebook to get in touch with you to find out if you have been affected. On Friday, the company revised its estimate to "about 30m". The Nasdaq composite index gained 2.29 per cent. Namely, 20 million fewer accounts had their tokens stolen than what Facebook originally projected.

The social network in late September did not confirm if the information had actually been stolen.

In a conference call today, Facebook's Guy Rosen said that the company was working with the Federal Bureau of Investigation, but had been advised not to comment on who the perpetrators might be. It would be nearly two weeks before the activity was determined to be a legitimate attack, and the exploit patched. He declined to offer a location breakdown of where affected users live, but said the attack was fairly broad.

Facebook has revealed that millions of email addresses, phone numbers and other personal user information were compromised during a recent security breach. The company said Friday there's no evidence this is related to the midterms.

The automated process the hackers used to target their Facebook friends would load their profiles through the "View As" tool, which let people see how their profiles looked to others. Facebook users should also be wary of messages or emails claiming to be from Facebook, the company said.

The vulnerability was introduced in July 2017 when a feature was added that allows users to upload happy birthday videos.

"This attack did not include Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts", Facebook vice president of product management Guy Rosen said in blog post-with one exception. All you have to do is visit this security notice page on Facebook. Facebook also provided a list of the kind of data that was stolen/used by hackers during the breach. Authorities in other jurisdictions including the U.S. states of CT and NY are also looking into the attack.

Regulators around the world have ongoing inquiries into another matter that came to light in March: How profile details from 87 million Facebook users were improperly accessed by political data firm Cambridge Analytica. Rosen did state the company does not believe the attack was directly related to the upcoming U.S. midterm elections. Both incidents could further fuel a congressional push for a national privacy law to protect U.S. users of tech company services.

Vanessa Coleman

Comments