Facebook has published more information about the recent attack on the platform and claims that 30 million people have been stolen ‘access tokens’. Initially the company assumed that it was about 50 million people.
In a new blog post Facebook writes that the attackers had access to their name and contact details to 15 million people via the stolen tokens. including telephone numbers and e-mail addresses. In a second category, consisting of 14 million people, there was access to more information. This allowed the attackers with the same data as the first category, but also with profile data. In this way, information was available such as gender, language, relationship status, religious convictions, place of residence, education, work and the 15 most recent searches. In a last category, consisting of 1 million people, there was no access to information.
Facebook says it will inform the affected people in the coming days. Users can also check for themselves whether their data have been viewed, via a help page . Facebook states that his other services were not affected by the attack, such as Messenger, Instagram, WhatsApp and Oculus. Previously, the company had already announced that apps from third parties using Facebook Login were not affected .
In his current message, the company writes that it had identified ‘suspicious activity’ on September 14 and that it Eleven days later it became apparent that it was an attack. The misused leak managed to close the company within two days. In a previously published post, Facebook explained that the attackers used a combination of three bugs . The company had told the Irish privacy watchdog that up to 10 percent of affected users were EU citizens. Among the old numbers this was five million, due to the current update this number is possibly lower.