Facebook Says Hackers Saw Personal Info of 14 million people
The exposed data included relationship status, birth date, hometown, education and the 15 most recent searches, Facebook said.
Facebook said on Friday that hackers were able to access the personal information of 14 million people through a security flaw that the company first disclosed last month, and that the data exposed included information such as recent check-ins and searches.
Facebook said in a blog post that people would be able to check whether they were affected by the attack by visiting a Facebook help center online. The company also said that in the coming days it would send customized messages to users to explain what information might have been accessed.
The social networking company disclosed two weeks ago that a security flaw in Facebook’s “view as” feature had allowed hackers to see into and potentially take over people’s profiles.
Facebook, the world’s largest social media network with more than 2 billion users, has faced rising criticism that it has failed to protect people’s privacy. It disclosed this year that the personal information of up to 87 million people was taken by the maker of a quiz app and then wrongly handed over to political consultancy Cambridge Analytica.
Facebook did not say who might have been behind the latest attack or if certain groups of people were targeted, but it said it was working with authorities including the FBI to investigate.
The company’s initial estimate was that the recent attack affected almost 50 million accounts, a number it revised down on Friday. In all, the hackers stole “access tokens,” a sort of digital set of keys, of 30 million people, Facebook said in its latest update.
Of those 30 million people, 15 million people had their name and contact details, such as phone number and email address, exposed.
Facebook said that for a second group of 14 million people, the attackers accessed information including “username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.”
The breach may have long-lasting effects if the information accessed is used for future hacking attempts, particularly for phishing attacks that use email to trick people into giving up sensitive information and passwords.
“Tens of millions of people impacted by the Facebook data breach are likely to find that they have now become intertwined in systematic phishing campaigns that will persistently target them and the organizations they work for for a long time,” Oren Falkowitz, CEO of security firm Area 1 Security, said in an email.