In a call on Friday, Facebook officials said that the FBI is “actively investigating” the breach, which impacted nearly 30 million (down from the 50 million reported last month), including 14 million users who had additional information hacked, including their location, religion and search histories.
According to the company, it still does not know the full extent of the attack, and other smaller-scale attacks may have been linked to the breach.
Facebook said that the attack was discovered earlier this week, and that the hacker or hackers exploited a security flaw in the system to take over the accounts. The flaw was in relation to the “View As” option that allows people to see what their personal profile would look like to someone viewing it.
Guy Rosen, the Vice President of Product Management stated that they’ve fixed the vulnerability and informed law enforcement. He noted that they have reset the access tokens to the millions of accounts that were affected. An additional 40 million accounts will also get that treatment as a precaution. The “View As” option is also being turned off.
According to Facebook, those hit hardest by the hack had their "username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches,” all accessed.
As they continue their internal investigation, Facebook has notified users whose information has been hacked. In a message, they shared additional information with users affected:
“We have more information about the security incident we discovered on Sept. 25, 2018. An unauthorized third party accessed your name, email address and phone number. We acted quickly to secure the site and took action to protect your account, and we're working closely with law enforcement to address the incident. Learn more about how your account was affected and what you can do in the Help Center.”
Facebook CEO Mark Zuckerberg, a White Plains native who attended Ardsley High School, said that “we face constant attacks from people who want to take over accounts or steal information around the world. While I'm glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place.”
Click here to follow Daily Voice Norwalk and receive free news updates.