Facebook said on Friday that hackers had accessed the personal data of more than 29 million of its users from a breach at the leading social network worldwide that it disclosed late in September.
The company originally said that as many as 50 million accounts had been affected by the cyberattack that had exploited three software flaws in order to steal access tokens that enabled hackers to log back in automatically to the platform.
We are now aware that fewer users were impacted than originally thought said Guy Rosen the VP of product management at Facebook in a post online.
For 14 million other users, the attack was likely much more damaging. The cyber hackers accessed that same data as well as information that included gender, hometown, religion, birth date as well as places recently “checked in” to as visiting, said Facebook.
No data had been accessed in accounts of the other one million people who had their access tokens stolen, according to the post by Rosen.
The cyberattack did not affect Messenger, Messenger Kids, WhatsApp, Instagram, Workplace, Oculus, Pages, third-party apps, payments or developer accounts or advertising said the company.
Facebook has said that engineers discovered this breach September 25 and patched it two days later.
The breach allegedly related to a feature “view as” described as a tool for privacy that allows users to see what their own profile looks like to other users. The function is currently disabled until further notice.
Facebooks reset the accounts of 50 million users it though were affected, meaning users need to sign in again using passwords.
This breach was the most recent privacy embarrassment Facebook has faced. Earlier in 2018, Facebook acknowledged tens of millions of its users had their personal data stolen by Cambridge Analytica, which was was working in 2016 for presidential candidate Donald Trump.
Facebook said it has taken a precautionary step of resetting access tokens for 40 million more accounts that had accessed it function “view as.” Those users must log back in if they want to access their page.