Facebook breach saw 15M users’ names & contact info stolen, 14M’s bios too

Facebook has now detailed what data was scraped and stolen in the breach that was revealed two weeks ago. 30 million users, not 50 million as initially estimated, were robbed of their access tokens by hackers. Users can consult the Facebook Help Center to find out if their information was accessed, and Facebook will send personalized alerts to those affected that detail what was accessed from their account and what they can do to recover. Currently it is not clear if all the information that was accessed was necessarily eliminated.

Facebook's vice president of product management, Guy Rosen, told reporters in a press call that "we are cooperating with the FBI in this matter" and that "the FBI has not asked us to discuss who may be behind of this attack ", since his own investigation is ongoing. The disclosure of information about the perpetrator could now make them cover clues.

15 million of the 30 million users had access to their name plus phone number and / or email. 14 million had that information and potentially more biographical information, including "username, gender, location / language, relationship status, religion, hometown, current self-reported city, date of birth, types of devices used to access Facebook, education, work, the last 10 places where they were registered or tagged, website, people or pages that follow, and the 15 most recent searches. "The remaining information of 1 million users was not accessed.

Other Facebook applications, such as Messenger, Messenger Kids, Instagram, WhatsApp, Workplace and Pages, as well as their functions for payments, third-party applications, advertisers and developers, were not accessed Facebook says that the police authorities asked him not to discuss the evidence about who committed the attack while the FBI continues its investigation.

Facebook says the breach began when hackers access chips with some exploited a combination of three errors related to your privacy function "View as" to view your profile from the perspective of another person. This allowed them to access the friends of those accounts, which led them to steal the 400,000 access tokens, and used a different method to then get the chips from 30 million of their friends.

Unlike most infractions, this seems to have turned out to be less severe than originally expected. It seems that users are already forgetting the gap after a small setback in which they had to log back into Facebook. It is possible that this could have a little impact on Facebook users in their third quarter earnings report. Although a truly infamous use case is revealed for the accessed data, the breach could fade into the noise of uninterrupted cybersecurity failures across the web, including Google + user data exposure [Correct: not a breach since there’s no evidence that data was stolen] hid and now has caused the Facebook competitor

But even if users forget, the biographical details stolen from this gap will remain in the dark corners of the Internet forever. When most violations occur, you can change your password. Unfortunately, there are no changes in your birth date, education, work history and more.