Facebook has reported about a hack into the data of at least 30 million users of the social network, exploiting a vulnerability in Facebook’s code that existed between July 2017 and September 2018, Sputnik reported.
“We now know that fewer people were impacted than we originally thought. Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen,” Facebook said in a statement.
As the social media giant specified, they discovered the security breach two weeks ago.
“We have been working around the clock to investigate the security issue we discovered and fixed two weeks ago so we can help people understand what information the attackers may have accessed. Today, we’re sharing details about the attack we’ve found that exploited this vulnerability. We have not ruled out the possibility of smaller-scale attacks, which we’re continuing to investigate,” the Facebook statement reads.
The company explained that they had identified the vulnerability and determined that it was an attack that took place on September 25. As Facebook noted, they are cooperating with the FBI on the issue.
The social media giant elaborated that the attack has led to a suspension of the “View As” function.
Soon after the attack took place in September, Facebook reported of 50 million affected accounts, plus 40 million more accounts which had been subject to a “view as” look-up over the past year. However, the number of users affected by the breach turned out to be lower.