Mumbai: Out of 50 million, tokens of actually 30 million user accounts are believed to be stolen, according to Facebook’s security update released on Friday. This is related to the recent attack and security breach that exploited a software vulnerability found in “View As” feature on the social networking site that believed to have affected nearly 50 million users of Facebook last month.
“We now know that fewer people were impacted than we originally thought. Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen,” Guy Rosen, Facebook’s VP – Product Management said in an online post.
This latest update comes after Facebook had reported an unusual spike of activity that began on September 14, 2018 and then it initiated an internal probe.
“On September 25, we determined this was actually an attack and identified the vulnerability. Within two days, we closed the vulnerability, stopped the attack, and secured people’s accounts by restoring the access tokens for people who were potentially exposed,” Rosen explained.
Further, “As a precaution, we also turned off “View As.” We’re cooperating with the FBI, which is actively investigating and asked us not to discuss who may be behind this attack,” Rosen added in his post.
Its been revealed that the first attackers had control over a set of user accounts, which were Facebook friends and then using an automated technique they were able to connect and move from one account to other, totaling 400,000 people. In this entire process, they were able to steal tokens of users.
According to Facebook’s internal investigation, this particular attack did not include Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts.