Guy Rosen of Facebook followed up on their earlier disclosure of their security breach in a post euphemistically titled “An Update on the Security Issue”. They have to use the indefinite article “the security issue”, never “our security issue”.1 Anyway:
The attackers used a portion of these 400,000 people’s lists of friends to steal access tokens for about 30 million people. For 15 million people, attackers accessed two sets of information – name and contact details (phone number, email, or both, depending on what people had on their profiles). For 14 million people, the attackers accessed the same two sets of information, as well as other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches. For 1 million people, the attackers did not access any information.
A portion of users have also had their Facebook Messenger conversation names and contacts compromised, and if they were an admin of a page, any messages to that page might also be compromised as well. Katie Notopoulos and Nicole Nguyen of Buzzfeed have put together a great article on how to tell if you’re one of the users impacted.
Earlier this week, Facebook launched an always-on microphone with an attached camera.
I feel a little gross for interpolating Fight Club. ↩︎