Facebook said on Friday that in the large-scale security breach announced by the company at the end of last month, hackers logged into a total of about 30 million user accounts and stole the names and contact information of 29 million accounts. Facebook found that there was no high-privacy information or financial data taken in the incident, and Facebook login information was not used to log in to other websites. Once these incidents occurred, it would have caused more anxiety.
Among the users affected by this incident, 14 million users have stolen information including birthdays, employers, education levels, and buddy lists. This information can make scammers disguise themselves as Facebook itself, employers or friends, and send emails to users. Deceive it to provide login information on a fake web page, or trick it into clicking on an attachment to invade a user’s computer.
Facebook published a blog post: “We are working with the FBI, which is actively investigating and asking us not to discuss the main messenger behind the attack.”
Earlier, Facebook disclosed at the end of September that hackers had stolen the digital login code of nearly 50 million user accounts, the most severe security breach in the company’s history. But at the time, Facebook did not confirm whether the user information was stolen.
Facebook’s latest security vulnerability has existed since July 2017, but the company did not find this vulnerability until mid-September this year when Facebook found that its use of “view as” privacy features increased. Subsequently, Facebook decided on September 25 that this was an attack.
“We closed the vulnerability within two days, prevented the attack and restored the access token of the user whose information might be exposed, providing security for it,” Facebook said.
The so-called “view as” feature allows users to check their privacy settings, but three vulnerabilities in Facebook software enable hackers to take advantage of this feature to post and view information from other users’ Facebook accounts.
After the incident was exposed last month, Facebook shares fell 2.6%, and after releasing the above update on Friday, the stock fell more than 1%.