Facebook Inc. said that fewer users than it initially thought were impacted by hackers in the largest-ever security breach at the social-media giant two weeks ago, reducing its estimate from 50 million users affected to 30 million. Originally Facebook said 50 million accounts were affected, but that it didn't know if they had been misused.
The hackers - whose identities are still a mystery - accessed the names, phone numbers and email addresses of 15 million users, he said.
"We're cooperating with the Federal Bureau of Investigation, which is actively investigating and asked us not to discuss who may be behind this attack", Facebook said on a blog post.
It's safe to say that this recent Facebook access token hack is a complete mess - much more than a simple inconvenience that might have forced you to log back in to your Facebook account on your devices.
Facebook shares have dropped by 1.1 percent since the statement was released.
A company executive said on a conference call that Facebook will not provide country-by-country breakdowns of the affected users.
The hack, one of the worst in Facebook history, comes at a time when the Menlo Park, California-based social network is desperately trying to regain trust with its users. The attackers began with a relatively small number of accounts that they directly controlled, exploiting flaws in the platform's "View As" feature to gain access to other users' profiles.
The 30 million people who were affected will receive "customized messages" in the coming days, explaining what information the hackers might have accessed.
Earthquake Kills Three In Indonesia; Tsunami Warning In Papua New Guinea
Following the quake, at least two aftershocks were reported that scored more than 5 on the Richter Scale. The quake near Bali caused brief panic among residents, although there was no tsunami alert issued.
Facebook says it noticed "an unusual spike of activity" on September 14, and on September 25, determined that it was being attacked.
Regulators around the world have launched inquiries into another matter: How profile details from 87 million Facebook users were improperly accessed by political data firm Cambridge Analytica.
He added that the content from Messenger "was not available to the attackers, with one exception", - if someone was a Page administrator of a Page that "had received a message from someone on Facebook".
According to Facebook VP of Product Management Guy Rosen, attackers were able to access name and contact information for half of the hacked accounts.
Facebook reaffirmed that third-party apps were not accessed using the stolen tokens, and that the vulnerability did not affect other services the company owns, such as WhatsApp or Instagram.
On Friday, the company revealed that stolen data on 14 million users included birth dates, employers, education and lists of friends.
Rosen said they found no reason yet to believe hackers were in interested in people's information, rather that it appeared the mission was to harvest access tokens from friends associated with breached accounts.