A massive Facebookaffected fewer people than the company originally thought, but millions of users had their phone numbers, emails and other information compromised, the tech giant said on Friday.
In September, the world’s largest social network said it believed the breach impacted 50 million people, after attackers stole Facebook “access tokens” — digital keys that let the hackers access people’s accounts without needing a password. On Friday, the company said about 30 million users had these tokens stolen, not 50 million.
“First, the attackers already controlled a set of accounts, which were connected to Facebook friends,” company VP of Product Management Guy Rosen wrote in a blog post. “They used an automated technique to move from account to account so they could steal the access tokens of those friends, and for friends of those friends, and so on, totaling about 400,000 people.”
The company also revealed what user information was put at risk because of the security breach.
About 15 million people had their name and contact details such as emails and phone numbers compromised. About 14 million people had that same information compromised, but the attackers also looked at other details such as a user’s birth date, hometown and where they worked. A total of 1 million people didn’t have any information compromised, according to Facebook.
The company said it’s working with the FBI and that the agency asked it not to discuss who might be behind the attack.
This story is developing.
Infowars and Silicon Valley: Everything you need to know about the tech industry’s free speech debate.
Cambridge Analytica: Everything you need to know about Facebook’s data mining scandal.