As a part of a security breach into the company that was disclosed by Facebook two weeks ago, hackers accessed a wide swath of information which varied from emails and phone numbers to more private details like the websites visited and places checked into. The breach was up to such an extent that millions of accounts were accessed.
As per the details, around twenty-nine million accounts had some form of information stolen. As per the original statement, Facebook claimed that around 50 million accounts were affected, but asserted ignorance if all of it was misused.
The news has got significance at a time after the midterm elections when Facebook is fighting off misuse of its social media site on a number of fronts. But the company made it clear on Friday that there is no evidence in this regard that it was related to the midterms.
On Friday Facebook announced that those hackers had easily accessed names, phone numbers and email addresses from these accounts. And specifically, 14 million out of them, hackers managed to acquire even more data, such as hometown, the last 10 places they checked into, birthdate and the 15 most recent searches.
But hackers were not able to get any information out of another additional 1 million accounts that were affected.
But all said, Facebook is not getting into the details of breakdown for the accounts hacked of where these users are, but says that the breach was “fairly broad”. Now it plans to come up with messages to people whose accounts were hacked.
Facebook also cleared the dust over the users who use third-party apps that uses a Facebook login and Facebook apps like WhatsApp and Instagram and said that all these users were unaffected by the breach.
According to Facebook, the FBI is presently investigating the matter, but directed the company not to discuss about who may be behind the attack. The company said that there is also a possibility of smaller-scale attacks that used the same kind of vulnerability.
The hackers were able to get control of those accounts, according to Facebook, by stealing digital keys the company uses to keeps its users logged in. They were able to do so by taking the help of these three distinct bugs in Facebook’s code.
The hackers started their operation by using a set of accounts they controlled, then after that they utilized automated process to access the digital keys for accounts that were in “friendship” with the accounts that they had already brought under control. The same process was expanded to “friends of friends” with the help of accounts they had already compromised. The whole process extended to about 400,000 accounts and went on to cover about 30 million accounts. There is evidence available that the hackers posted anything or did any other activity by using those accounts.