A bunch of hackers hacked approximately 30 million Facebook accounts, according to the facebook people, this attack did not include Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts. As we look for other ways the people behind this attack used Facebook, as well as the possibility of smaller-scale attacks, we’ll continue to cooperate with the FBI, the US Federal Trade Commission, Irish Data Protection Commission, and other authorities.
Hackers had gained access to 29 million personal accounts in a massive data breach two weeks ago.
Facebook is regulated by Irish authorities in Europe as its European headquarters is located there. A spokesperson for the Irish data regulator said of Friday’s announcement, “The update from Facebook today is significant now that Facebook has confirmed that the personal data of millions of users was taken by the perpetrators of the attack.”
The attackers exploited a series of bugs on Facebook’s platform. The vulnerability, Facebook said, had existed since July 2017. It wasn’t patched until last month after the company’s engineers noticed some unusual activity that turned out to be the attack. According to The VERGE, Facebook also confirmed that the FBI is actively investigating the hack, but declined to give further details, saying the bureau had “asked us not to discuss who may be behind this attack.” Because of the nature of the “View As” bug, it is likely that Facebook has significant knowledge of the accounts where the attack originated, if not the perpetrators themselves.
The hackers accessed name, email addresses or phone numbers from those 29 million accounts. For 14 million of those accounts, hackers got even more data, such as hometown, birthdate, the last 10 places they checked into or 15 most recent searches. One million other accounts were affected but hackers didn’t gain information.