Two weeks ago, Facebook announced that a flaw with its “View As” feature allowed hackers to compromise up to 50 million accounts. Today, the company is out with more specific details on the security breach and has shared exactly what information was stolen and for how many users.
In a newsroom post today, Facebook’s VP of product management, Guy Rosen, detailed what it has found in the investigation of the attack. While it has confirmed that about 30 million of the previously estimated 50 million users have had information compromised, it also says that more attacks may have taken place.
The vulnerability that was used in the attacks existed for over a year, from July 2017 to September 2018. Here’s how the hackers exploited the flaw:
Using those access tokens, the attackers were able to gain access to personal information for roughly 30 million users. About half had their name, contact details including phone number and email exposed, while the other half had detailed information including birthdate, current city, and location data comprised.
Facebook says users can find out if they were victims of this attack by heading to its Help Center. Facebook is also going to reach out to all affected users and explain what information was compromised.
Facebook also shared that it is working with the FBI, US FTC and other officials to figure out who was behind this attack and other potential hacks that have yet to be revealed.
If this latest news if giving you second thoughts about continuing on with Facebook, check out our guide on how to deactivate or delete your account as well as change your privacy settings.