Nearly 30 million accounts compromised in September Facebook hack

October 12, 2018

Facebook announced Friday that nearly 30 million accounts were compromised in the latest security breach, about 20 million less than originally thought.

Guy Rosen, Facebook’s vice president of product management, penned an update on the investigation into the bug first reported at the end of September.

Mr. Rosen explained that the hackers gained access to about 400,000 accounts, which they used to steal login access tokens for 29 million accounts. Of those, 15 million had their name and contact information phone number or email compromised.

The attack was worse for another 14 million that not only had their name and contact information stolen, but also profile details such as hometown, self-reported current city, birthday, and the last 10 places they were checked in or tagged at.

The post said that the bug rooted in the “View As” feature was discovered and shut down within two days. They are still looking into “smaller-scale” hacks.

The feature remains shut down, and the stolen access tokens, which keep users logged in but allowed the hackers to control their accounts, were reset.

Facebook is cooperating with the FBI’s investigation into the security breach and therefore will not reveal the suspects behind the hack.

Update hourly