Facebook has revealed that hackers recently stole the personal information of millions of users from its platform.
On about 29 million of the affected accounts, hackers accessed contact information, such as phone numbers and email addresses, Facebook Inc. said, and a slew of other personal details were exposed on about half of those accounts.
But the breach was not as big as Facebook initially thought. Two weeks ago, when it notified the public of the attack, the Menlo Park, Calif., company said nearly 50 million accounts had been affected before it could find and patch the vulnerability.
The company also said Friday that it saw no evidence that the hackers used Facebook logins to access affected users’ accounts on third-party sites or apps.
On 14 million of the affected accounts, the hackers accessed details including but not limited to user name, gender, language, relationship status, religion, birthday and device used to log on to the social network, Facebook said Friday.
Then there were about 400,000 users who were even more deeply affected. Using a bug in the “View As” feature — which enables a user to view his or her own profile the way someone else sees it — the hackers could see those 400,000 users’ entire profiles, Facebook said.
It said the hackers had access to those users’ friend lists, posts on their timelines, groups each user had joined and the titles of recent conversations the users had held on Facebook Messenger. The content of those messages were not visible, except in limited cases for users who were page administrators, the company said.
The FBI is working to determine who the hackers are and what they intend to do with the information they stole, Facebook said.
The company said it was cooperating with the FBI investigation and could not discuss the hackers’ identities or intentions. Facebook’s vice president of product management, Guy Rosen, said the company had “no reason to believe that this specific attack was related to the midterms” because the hackers targeted a broad base of users. The company declined to provide any further evidence.
“We are constantly working and have a lot of teams focused on activities ahead of the midterm elections,” Rosen told reporters Friday.