Back in September, hackers took advantage in the feature that Facebook has called “view as” and were able to gain access to millions of users accounts. Facebook finally released a state about what the hackers took from the data breach.
According to Facebook’s statement today, the hackers gained access tokens of about 30 million user account that allow them to access the profiles completely. Out of all those 30 million accounts, the breach allowed the hackers to gain access of about 14 million account’s basic contact information and religion, location, gender, device information, location, and the things that they most recently search for the other 15 million account. For the other one million accounts, there were was no information taken.
Facebook has announced that they will let all the users that got hacked know through their Help Center in a couple of days. More importantly, Facebook has stated that there was no data taken from accounts that were linked to Facebook via third-party apps such as apps like WhatsApp, Messenger, and Instagram. Also, during this same time, there were many other minor but more detailed hacks on user’s account that have not be discovered by investigations from Facebook. Along with this information, there is no proof that hackers posted anything on accounts while being in control.
Through Facebook’s statement, more information has been brought forth about the timeline of the hack. The first activity was seen around September 14th but it was not found out until 11 days after the attack that the activity was considered a “hack”. After the report, the vulnerability was then closed after days and was reported to privacy officials and users according the breach disclosure laws.
Also, Facebook has also stated that the FBI have been contacted and the are currently investigating the breach but are not giving out any further data saying the FBI “asked us not to discuss who may be behind this attack”. Since the hack originated from finding a glitch in the “View As” feature, there is a good chance that Facebook has a lead in the accounts that were originally attacked.