Facebook Increases the Number of Recent Hack Victims from 50 to 30 Million. After research, Facebook knows more about the cause of the recent hack where data from 50 million users would have been stolen. That number of victims has now been adjusted to 30 million.
Facebook will notify the 30 million affected users in the coming days, the company reports Friday. On a particular page, users can already see if their account has been taken. Two weeks ago it was known that a big hack hit the company.
Now it is known that fifteen million users have been seized name and telephone number, e-mail address or both. Another fourteen million people also seized information such as username, relationship status, place of residence, date of birth, religion and more. No information was stolen from a million people who were hacked.
It was already clear how the hackers worked. They exploited a vulnerability in the “View as” feature, which allows users to see how their profile looks to others.
Because of the vulnerability, the hackers could steal so-called login tokens from users. These tokens ensure that users do not have to log in again for Facebook every time. With tokens, hackers could take over accounts.
The stealing of those tokens was automated, via a small number of previously hacked accounts. The vulnerability allowed the hackers to steal the tokens from friends of those accounts, and friends of those friends and so on.
That ultimately resulted in tokens of 400,000 people. Then part of the friend’s lists of those 400,000 people was used to steal the tokens of a total of 30 million users.
Facebook is still investigating the case in collaboration with the FBI and therefore does not want to say anything about who might be behind the attack.
