Facebook has announced that 30 million user accounts were affected by the massive breach that occurred two weeks ago, and has revealed additional details of the attack. The original estimate of affected users was 50 million, but it has been revised down to 30 million. Facebook said the attackers exploited three vulnerabilities in the “View As” feature to obtain the access tokens that let them get into user accounts.
Facebook’s vice president of product management, Guy Rosen, said, “With these access tokens an attacker could get into people’s accounts. We’re looking at approaches that could address this class of problem, and ensuring that we can catch them faster and minimize their impact.”
Facebook is working with the FBI to identify the attackers. The company cannot reveal much at this stage, but it did confirm that the attack was well coordinated and carried out with the help of the right infrastructure. Through this process, the attackers got hold of 400,000 accounts.
Rosen said, “The 400,000 accounts are the ones where [the attackers’] script loaded the ‘View As’ view so that actually loads the Facebook profile for that person, and as part of that when that web page loads and renders in their script it would have included … things like their posts on their timeline, list of friends or groups they’re members of.”