At the time, the company made the announcement within 72 hours of discovering the breach in order to meet the guidelines of prevailing data security laws such as the General Data Protection Regulation (GDPR).
Since making the discovery, Facebook engineers have fixed the vulnerability, secured the site, and informed the relevant law enforcement agencies, but the breach still compromised the personal information of millions of users.
Facebook said it was continuing to investigate whether the attackers took actions beyond stealing data, such as posting from accounts, but had not found additional misuse. The attackers used an automated technique to move from account to account so they could steal the access tokens of those friends, and of friends of those friends, and so on, totaling about 400,000 people.
According to the details released, around twenty-nine million accounts had some form of information stolen.
Facebook announced the breach late last month, having detected the issue on September 25th: a flaw in the company's "View As" system, which allows users to view their profile and other pages as though they were a different user, allowed attackers to obtain access tokens for arbitrary user accounts, giving them access to supposedly private information without having to know the password associated with those accounts. 14 million more lost what Facebook calls basic contact information: a name and an email address or phone number. The username, gender, relationship status, hometown, language, religion, birth date, self-reported current city, device type, website, and 15 most recent searches of some 14 million Facebook users were acquired by the attackers. For 1 million people, the attackers did not access any information. Users can check whether their profile was affected by visiting the help centre.
There was no reason to believe the attack was related to the November 6 midterm elections, he said.
Facebook, the world's largest social media network with more than 2 billion users, has faced rising criticism that it has failed to protect people's privacy.
Asked whether people on Facebook should continue to trust the service, Rosen responded that the company was committed to security.
"The hacked data, which includes details such as the email account, the mobile numbers, etc., can now be used to do a 'phishing attack,' which means, either your bank accounts can be hacked, your identities can be stolen, and there could be further consequences that can impact your personal lives," Kaushik said. They could do so by exploiting three distinct bugs in Facebook's code.