Facebook downgrades breach count from 50 million to 30 million users

Facebook said today the number of users who had their Facebook authentication tokens stolen in a security breach that took place last month is actually 30 million, and not 50 million, as the company initially announced. Attackers stole authentication tokens for these 30 million accounts, but they also stole additional data for 29 million, Facebook said.

  • For 15 million users, attackers harvested name and contact details (phone number, email, or both, depending on what people had on their profiles).
  • For 14 million users, attackers harvested the same info as above, plus username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.
  • For 1 million, attackers only collected access tokens.

The social network said it’s working with the FBI to identify the attackers, and could not reveal additional information about the source of the attacks. But while answering questions in a phone conference today, Guy Rosen, Facebook’s VP of Product Management, said Facebook did not identify attempts to use any of the stolen tokens.

Even if the attackers had tried to use the tokens, they wouldn’t have worked, Rosen said, because Facebook had invalidated all the stolen tokens on September 28. Rosen also said Facebook did not find any evidence suggesting the tokens were used with the Facebook Login feature either, which would have allowed the attackers to log into third-party apps via Facebook tokens. The Facebook exec also went into more detail on how the attack unfolded.

He said attackers initially used accounts under their direct control, which they had likely created, to exploit the vulnerability in the “View As” feature and steal tokens for the friends of those original accounts. They then used the same vulnerability over and over again until they gathered tokens for around 400,000 accounts, which Rosen referred to as “seed accounts.”

Once they had the tokens for the seed accounts, Rosen said, the attackers used them to access the 400,000 accounts and deployed scripts to harvest even more tokens at a larger, automated scale. This action triggered a massive traffic spike, which Facebook engineers detected on September 16. After investigating the source of the traffic, they concluded on September 26 that it was a coordinated attack, patched the View As vulnerability on September 27, and went public with the breach on September 28.

“In the coming days, we’ll send customized messages to the 30 million people affected to explain what information the attackers might have accessed, as well as steps they can take to help protect themselves, including from suspicious emails, text messages, or calls,” Rosen added separately, in a blog post.

Mockups of those messages are available below.

Until then, Facebook also launched a Help Center page where everyone can go and see if they’re one of the 30 million unlucky users who had their token stolen.
