Facebook says hackers accessed highly-detailed personal data of 15 million users

In a news release with the bizarrely vague title of "An Update on the Security Issue", Facebook has revealed that the "View As" security breach it opened up about recently gave hackers access to the personal details of 15  million users.

Having previously advised that the access tokens stolen by hackers had not been used to infiltrate other apps and services, the social networking giant now says 15 million people have had their names and contact details exposed. 14 million users had significantly more details revealed, including username, relationship status, religion, hometown,  birthdate, places they have checked into, and recent searches.

See also:

• Facebook shares more details about its massive security breach -- after blocking people from sharing news about it
• Facebook hack update: Attackers did not use stolen tokens to access other sites and apps
• Facebook hack: 50 million users affected by site code flaw
• Facebook Lite for iOS is now a thing

The new details have been revealed by Guy Rosen, vice president of product management at Facebook, who starts off by trying to downplay the significance of the attack. He says: "Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen".

But for a large proportion of those that were affected by the attack, the implications could be great.

Rosen discloses just want hackers were able to access:

For 15 million people, attackers accessed two sets of information -- name and contact details (phone number, email, or both, depending on what people had on their profiles). For 14 million people, the attackers accessed the same two sets of information, as well as other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches. For 1 million people, the attackers did not access any information.

The data that has been accessed is not only highly revealing private information, but is precisely the sort of data that could be used for identity theft and social engineering.

Facebook says that it is still working with the FBI, the US Federal Trade Commission, Irish Data Protection Commission, and other authorities to determine who was responsible for the attack.

Image credit: jakkapant turasen / Shutterstock