The company argued that it would message the affected users to let them know what type of information had been accessed in the attack. However, Facebook confirmed that hackers did not steal personal messages or financial data, and did not use their access to accounts to access users’ accounts on other websites.
The attackers took profile details, such as birth dates, employers, education history, religious preference, types of devices used, pages followed, and recent searches and location check-ins from 14 million users. Moreover, the breach was restricted to name and contact details for the other 15 million users. In addition, attackers could see the posts and lists of friends and groups of about 400,000 users.
Facebook cut the number of affected users from its original estimate, after investigators reviewed activity on accounts that may have been affected. Cyber security experts warned that attackers could use stolen information in targeted phishing scams.
The US Federal Bureau of Investigation has asked the company to limit descriptions of the attackers due to an ongoing inquiry. However, Facebook affirmed it was continuing to investigate whether the attackers took actions beyond stealing data, such as posting from accounts, but had not found additional misuse.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the The Paypers website, they in no way represent the opinion of The Paypers.