The social media giant Facebook had made a confirmation that a security breach in its network has made 14 million users’ data vulnerable. The list of personal information includes contact information, religion, check-in locations, names, relationship status, birth date along with recent searches. The company released a statement stating that hackers have breached Facebook and stole the personal information of a significant number of users.
Facebook also said that the hackers had retrieved an additional number of 15 million Facebook users’ contact information and names which includes phone numbers email addresses in the much same security breach. Following this, another 1 million accounts of the Facebook users were vulnerable, but the hackers couldn’t get access to their private information.
Long story short, Facebook has analyzed that the hackers possess the ability to access to these 10 million Facebook accounts during a wide-reaching attack which took place on 14th of September 2018 and they stole personal information from 29 million accounts. The number is relatively smaller when it is compared to the original 50 million Facebook accounts which were estimated to have been affected.
Reportedly, the hackers have taken advantage of three vulnerabilities which are part of the codes of Facebook that was previously uploaded to the social media giant on July 2017.
The hackers have exploited 400,000 accounts of Facebook users to steal the access tokens. The access token allows the Facebook users to log-in to Facebook without having to re-enter their password. The access token had allowed the hackers to take a look at the Facebook profiles the same way the profiles would have appeared to the owner of the account which includes personal information, Messenger conversations, and the posts.
The vice president of Facebook’s product management, Guy Rosen told that Facebook is not able to rule out whether other users are affected in smaller scale attacks which took place between July 2017 to 14th September.
Facebook said that the third-apps like WhatsApp, Instagram, Oculus, Workplace, and Pages were not affected by this attack.