Facebook says cyber attackers used an automated program that moved from one friend to the next to steal data from 29 million of its user accounts and not the 50 million profiles it initially reported.
Other 15 million users had their names and contact information breached, and 1 million users exclusively had their access tokens stolen; Facebook has reset the access tokens for all of those users. And if yes, Facebook says hackers will not be able to retrieve any more information (that what they have already had access to) from your compromised accounts.
Facebook will notify the 30 million people affected with customized messages to tell them exactly what the attackers accessed from their accounts.
"We now know that fewer people were impacted than we originally thought", Facebook vice president of product management Guy Rosen said in an online post.
The attackers began with a relatively small number of accounts that they directly controlled, exploiting flaws in the platform's "View As" feature to gain access to other users' profiles. "It allowed attackers to steal Facebook access tokens, which they could then use to take over people?s accounts".
Facebook says users can see if they were affected by the attack by accessing the Help Center. Hackers could have obtained this information if people had the data listed on their Facebook profiles, said the company.
Facebook said it plans to send customised messages to the 30 million affected accounts in "coming days".
International Monetary Fund gives credit for reforms under Modi, projects India as fastest growing
Donald Trump's trade wars are starting to have a serious impact on the global economy, the International Monetary Fund has warned. Rising trade tensions are a key challenge to the world economy as "protectionist rhetoric increasingly turned into action".
Air India plane hits wall during take-off
"The plane lost contact with air traffic control officials and landed in Mumbai after around four hours", an official said. At 5.35 AM Friday, after nearly four hours in flight, the aircraft landed in Mumbai.
May to hold Brexit War Cabinet to agree backstop plan
The DUP has threatened to vote against the government's budget if it goes ahead with the plan. It must be one of the worrying questions for Downing Street.
He said the FBI has asked the company " not to discuss who may be behind this attack" or to share other details that could compromise its investigation.
"Today's update from Facebook is significant now that it is confirmed that the personal data of millions of users was taken by the perpetrators of the attack", Ireland's Data Protection Commission, the watchdog agency charged with privacy protection in the European Union, said in a tweet. "The stolen data is likely to be used by the hackers, so this problem is likely to persist for quite some time".
Facebook said last month that it detected the attack when it noticed an uptick in user activity. They then used the same vulnerability over and over again until they gathered tokens for around 400,000 accounts, which Rosen referred to as "seed accounts". The attack began on September 14, but Facebook only realized it was a threat by September 25.
A company executive said on a conference call that Facebook will not provide country-by-country breakdowns of the affected users.
Facebook also said that no third-party apps were breached as part of this attack. "For 14 million people, the attackers accessed the same two sets of information", Rosen wrote.
The company said it has fixed the bugs and logged out affected users to reset those digital keys.
Facebook further outlined the numbers relating to specific information accessed. He said that although the attackers would have the ability to view private message or post on someone's account, there were no signs that they did either of those things.