For another 14 million people, the attack was potentially more damaging as the hackers accessed both their name and contact details as well as other details like username, gender, location, language, relationship status, religion, hometown, date of birth, device types used to access Facebook, education, work details, places they have recently “checked in” to as visiting, people or pages they follow and the 15 most recent searches.
He said users’ accounts have already been secured by the Facebook two weeks ago and they do not need to log out again or change their passwords.
The attack did not affect Facebook-owned Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, third-party apps, payments, Pages, and advertising or developer accounts, the company said.
Asserting that Facebook is still looking at other ways the hackers may have used the platform, Rosen said, “People’s credit card information would not have been visible to the attackers, as we do not display full credit card numbers — not even to the account holder.”
“We don’t have a specific indication of the intention of the attackers. And as we have said, we are cooperating with the FBI in an active investigation. As part of the information that we will be sharing with users over the coming days, we will be including information as to how they can watch out for any suspicious e-mails or text messages or things of that sort,” Rosen said.
Responding to a question, he said, the company will be notifying people through Facebook so that they can understand what information was accessed from their account and which group they were part of. “We will also work to contact people who may not be on Facebook any longer,” he said.
