By Gavin Hanson
The FBI has asked Facebook not to reveal who may be behind a recent hack that exposed highly sensitive personal information of 14 million users, according to a Facebook security update Friday.
A hack on Facebook, which originally was reported to have affected 50 million users, now has been confirmed to have only affected 30 million. That said, the hack “appears to be the worst hack in Facebook’s 14-year history,” according to Business Insider’s Rob Price.
Hackers took advantage of an intersection of three different and distinct bugs in Facebook’s website to gain “access tokens” to users’ accounts, according to Guy Rosen, the vice president of product management at Facebook.
“We’re cooperating with the FBI, which is actively investigating and asked us not to discuss who may be behind this attack,” Rosen wrote in a post entitled “An Update on the Security Issue.”
“Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” according to Rosen. Facebook’s security update breaks down the 30 million affected users by how much data was accessed by hackers.
A lucky 1 million users had no information scraped from their accounts by hackers. For 14 million users, access tokens were used to access “username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches,” according to Rosen.
The other 15 million users had only their name and phone number and/or email compromised.
Facebook has promised to send “customized messages” to the 30 million users impacted by the breach to explain how and to what extent their personal information was compromised. Facebook also set up a Help Center where users can check the status of their account and see if their information may have gotten into the wrong hands.