Facebook Offers New Details About Hacking Of 30M Users’ Data

As a followup to its revelation of a major hack in late September, Facebook offered more details about the breach, putting the exact number of users whose information was raided at 30 million.

In its earlier disclosure about the breach, Facebook said as many as 50 million users were exposed. In a blog post today and a briefing with reporters, executives adjusted the number and gave a detailed explanation of how the hackers pulled it off.

Guy Rosen, VP of product management, wrote in the blog post that the root of the problem was an initial set of accounts belonging to about 400,000 people. Using accounts they had created and connected to users, hackers used “an automated technique to move from account to account so they could steal the access tokens of those friends, and for friends of those friends, and so on,” Rosen wrote.

After mirroring what those 400,000 people would see in the course of regular use of Facebook, the hackers got access to the information of 30 million people. For 15 million, Facebook said, hackers accessed both name and contact information (which includes phone number and/or email address, depending on account settings). For another 14 million people, the hackers got other profile data, including gender, relationship status, religion, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.

The remaining 1 million people had their “access tokens” compromised, but no personal information.

Facebook stock, which took a major hit earlier this year after the Cambridge Analytica scandal and founder-CEO Mark Zuckerberg’s apology tour, has since recovered. It isn’t showing major ill effects today, trading down a fraction at $152.95.