Facebook hackers have accessed more private information than previously revealed

Hackers have had access to much more private information in a recent Facebook flaw than revealed by the social media giant.

Two weeks ago, Facebook announced that 50 million users were affected, with a possibility of 40 million more. The company has therefore reset the "access tokens" or digital keys of 90 million accounts.

The breach forced users to reconnect to their accounts.

On Friday, the company said that there were actually fewer users – 30 million – who were affected by the violation.

But hackers have gone further in user profiles than originally planned, the company also announced Friday.

Nearly half of those affected – about 14 million users – had their user name, gender, location / language, relationship status, religion, hometown, current city declared, date of birth, types of devices used to access Facebook, education, work, the last 10 places in which they visited or where they were identified, their website, the people or pages that they follow, as well as the 15 most recent searches, "wrote the company's vice president of product management, Guy Rosen, in a blog.

These details were exposed between September 14 and 25 of this year, when the company first discovered the security breach due to a sudden surge in activity. But the software bugs have made vulnerable user information from July 2017 to September 2018.

Previously, the company had indicated that only the profile information exposed in the "View as" feature was available, namely a user's name, gender, and hometown.

Facebook

From 400,000 to 30 million

Hackers did not immediately access all affected accounts. The hack started with 400,000 profiles, then used the "Friends" and "Friends of Friends" features to get "digital keys" for 30 million people, Rosen wrote.

Then, "For 15 million people, the attackers accessed two sets of information – their name and contact information (phone number, email or both, depending on what people had on their profile). 39, information, "wrote Rosen.

For some users, the last four digits of their credit card could have been accessed, Rosen said during a follow-up call with reporters.

File-AFP / Getty Images

The information that hackers had access to includes timeline publications, friend lists, Facebook groups, and "last messenger names". The company stated that the actual content of the messages was not revealed unless "one person in this group was an administrator of the page whose page had received a message from someone on Facebook, the content of this message being available to attackers. "

Rosen said Facebook was cooperating with the FBI's ongoing investigation into the violation, but would not give any details about the identity of the hackers or where they were based.

"We have not ruled out the possibility of smaller scale attacks, which we continue to investigate," he added.

"For 1 million people, the attackers did not have access to any information," Rosen said.

To find out if your account has been assigned, Facebook has provided this link. Scroll down.

This attack did not include Messenger, Kids Messenger, Instagram, WhatsApp, Oculus, Workplace, Pages, Payments, third-party applications or advertising or developer accounts, Rosen writes.