Facebook Says 30 Million Had Access Tokens Stolen in Breach
About 30 million Facebook users had “access tokens” stolen in the latest privacy breach (see 1809280036), it announced Friday. Vice President-Product Management Guy Rosen said the platform is cooperating with the FBI, “which is actively investigating.” Cooperation will continue with the FTC, Data Protection Commission Ireland and others, he said. Hackers accessed names, phone numbers and/or email addresses for 15 million people, Rosen said. For another 14 million people, hackers accessed the same information and additional profile details, he said. Data Protection Commission Ireland tweeted that Facebook’s update was “significant now that it is confirmed that the data of millions of users was taken by the perpetrators of the attack. @DPCIreland’s investigation into the breach and Facebook’s compliance with its obligations under #GDPR continues.” While 30 million users had tokens stolen, about 50 million are believed to be affected, Rosen said. He said Facebook hasn't ruled out smaller-scale attacks. The hackers “exploited a vulnerability in Facebook’s code that existed between July 2017 and September 2018,” Rosen said.