Facebook’s major hack, announced two weeks ago, affected 30 million people, not 50 million as originally feared.
But for about half of those whose accounts were broken into—about 14 million people—the hackers accessed intimate information, such as the last 10 places that person checked into, their current city and their 15 most-recent searches, the company said Friday. For 15 million, the cyberthieves only accessed name and contact information. The attackers didn’t take any information from about 1 million people whose accounts were vulnerable.
A smaller slice of people was more heavily affected. About 400,000 people served as the hackers’ entry point to the 30 million others on Facebook. For those 400,000, the attackers could see what the users see as they look at their own profiles. That included posts on their Facebook timelines, and names of recent Facebook Messenger conversations.
The attackers wrote a computer code that crawled the compromised pages and copied information, which is known as “scraping.” That could leave victims vulnerable to further fraud attampts if the hackers still have their contact information and personal details. Facebook said it would reach out to affected users about the potential hazards and details of the breach.
The hack, one of the worst in Facebook history, comes at a time when the social network is desperately trying to regain trust with its users.
Facebook did not reveal whether there was any specific group targeted by the hackers, the geographic location of the victims, or any potential motive. Facebook said the Federal Bureau of Investigation is investigating and asked for some details to remain confidential.
Facebook also said that no third-party apps were breached as part of this attack. There had been concerns about whether hackers could access outside apps that use Facebook login credentials, but that turns out not to have been the case.
—Bloomberg News and Ad Age staff