Cybersecurity

The FBI Is Now Investigating Facebook’s Security Breach Where Attackers Accessed 30 Million Users’ Personal Information

Facebook revealed on Friday that a previously announced security breach on its platform had a wide impact for some users, and it confirmed that the hack compromised personal and contact information. The company said the FBI is actively investigating the hack and asked Facebook not to disclose any potential culprits.

The attack, detected in late September, exposed some users’ emails and phone numbers, as well as profile information including gender, location, birth date, and recent search history. In a blog post on Friday, Facebook did not apologize for exposing its users’ information but noted that it was cooperating with the FBI, the US Federal Trade Commission, the Irish Data Protection Commission, and other authorities on the issue.

The attack involved the capturing of Facebook “access tokens,” or digital keys that allow websites to recognize who someone is and keep them logged in. Using accounts they already controlled, the attackers used an “automated technique” to exploit Facebook’s “View As” functionality and steal access tokens for some 400,000 people. Hackers than used friend lists from a portion of those 400,000 affected accounts to obtain access tokens for another 30 million people.