The security flaw that was discovered in September in the first social network the world has allowed hackers to compromise the personal data of approximately 29 million users, said Facebook, Friday, 12 October, in a press release. If the number of people affected can be cold in the back, it is much less than what was feared the firm initially. Facebook said that 15 million people had seen their name and their personal contacts compromise and that further details had also been for 14 million other users.

The social network had spoken of 50 million accounts compromised in revealing the case of the 28 September. For the set of 29 million accounts, the hackers – whose identity and origin were not revealed until now – have entered the user name, email address and/or phone number if it was specified in their profile. The fishing has been much more successful, and potentially more damaging, in the other 14 million cases. In addition to the name and the contacts, the hackers were also able to access the sex, the status indicating the relationship status, the education received, but also the date of birth, place of residence, if it was populated, to the job held as well as the internet pages and the people followed by the users concerned. For another million of cases, hackers have been able to access any information.

The messaging Messenger spared

Facebook has stated that the american federal police was continuing its investigation and had asked him to and nothing to reveal. To the great relief of its users, the social network has specified that the exchanges – often quite close – to on its e-mail system Messenger were “not accessible to attackers” with the exception of a very configuration. When a member of a group Messenger was also the administrator of a page on Facebook, a message sent by a user of Facebook became accessible to hackers.

The group of Mark Zuckerberg confirmed on Friday it was revealed on 28 September. Hackers have taken advantage of the conjunction of several bugs dating back to July 2017 and nestled in the feature ” View as “, which allows you to view what looks like his own profile when he is seen by another user. In some cases, the use of this function, generated by “by mistake”, the numeric key connection, called in English ” access tokens “, which allow you to stay connected without having to enter your password each time. The pirates have arrived to steal these keys, which provide access to accounts as if we were the owner.

on The 16th of September, Facebook has seen an unusual rise in the number of connections and decided to investigate. On September 25, the network discovers the attack and the flaw. The 2.2 billion users can check if they are part of the victims on the site using Facebook and the social network has indicated that it would send custom messages to 30 million victims in the next few days to indicate what has been compromised, and to give them helpful tips to better protect themselves.