“Facebook revealed on Friday that a previously announced security breach on its platform had a wide impact for some users, and it confirmed that the hack compromised personal and contact information,” Ryan Mac reports for BuzzFeed News. “he company said the FBI is actively investigating the hack and asked Facebook not to disclose any potential culprits.”
“The attack, detected in late September, exposed some users’ emails and phone numbers, as well as profile information including gender, location, birth date, and recent search history,” Mac reports. “The attack involved the capturing of Facebook “access tokens,” or digital keys that allow websites to recognize who someone is and keep them logged in. Using accounts they already controlled, the attackers used an “automated technique” to exploit Facebook’s ‘View As’ functionality and steal access tokens for some 400,000 people. Hackers than used friend lists from a portion of those 400,000 affected accounts to obtain access tokens for another 30 million people. ”
Mac reports, “‘For 15 million people, attackers accessed two sets of information – name and contact details (phone number, email, or both, depending on what people had on their profiles),’ the company said in its release. ‘For 14 million people, the attackers accessed the same two sets of information, as well as other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.’”
Much more in the full article here.