The company argued that it would message the affected users to let them know what type of information had been accessed in the attack. However, Facebook confirmed that hackers did not steal personal messages or financial data, and did not use their access to accounts to access users’ accounts on other websites.
The attackers took profile details, such as birth dates, employers, education history, religious preference, types of devices used, pages followed, and recent searches and location check-ins from 14 million users. Moreover, the breach was restricted to name and contact details for the other 15 million users. In addition, attackers could see the posts and lists of friends and groups of about 400,000 users.
Facebook cut the number of affected users from its original estimate, after investigators reviewed activity on accounts that may have been affected. Cyber security experts warned that attackers could use stolen information in targeted phishing scams.
The US Federal Bureau of Investigation has asked the company to limit descriptions of the attackers due to an ongoing inquiry. However, Facebook affirmed it was continuing to investigate whether the attackers took actions beyond stealing data, such as posting from accounts, but had not found additional misuse.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now