NEW YORK — Facebook says hackers accessed data from 29 million accounts as part of the security breach disclosed two weeks ago, fewer than the 50 million it initially believed were affected.
The hackers accessed name, email addresses or phone numbers from these accounts, according to Facebook. For 14 million of them, hackers got even more data, such as hometown, birthdate, the last 10 places they checked into or the 15 most recent searches.
READ MORE: Toronto law firm hits Facebook with class action lawsuit after security breach
An additional 1 million accounts were affected, but hackers didn’t get any information from them.
Facebook isn’t giving a breakdown of where these users are, but says the breach was “fairly broad.” It plans to send messages to people whose accounts were hacked.
Facebook said third-party apps and Facebook apps like WhatsApp and Instagram were unaffected by the breach.
Get breaking National news
WATCH: Facebook says hackers didn’t use your login to access third-party apps
Facebook said the FBI is investigating, but asked the company not to discuss who may be behind the attack. The company said it hasn’t ruled out the possibility of smaller-scale attacks that used the same vulnerability.
Facebook has said the attackers gained the ability to “seize control” of those user accounts by stealing digital keys the company uses to keep users logged in. They could do so by exploiting three distinct bugs in Facebook’s code. The company said it has fixed the bugs and logged out affected users to reset those digital keys.
At the time, CEO Mark Zuckerberg — whose own account was compromised — said attackers would have had the ability to view private messages or post on someone’s account, but there’s no sign that they did.
Comments