Facebook October 2018 security breach: Everything you need to know



The company said it is cooperating with an FBI investigation into the security breach and that investigators had requested Facebook not discuss who was behind the attack.

Hackers did not steal personal messages or financial data and did not use their access to accounts to access users' accounts on other websites, Facebook said. "For 14 million people, the attackers accessed the same two sets of information", Rosen wrote.

An additional 1 million accounts were affected, but hackers didn't get any information from them.

Facebook also stressed that the attack did not affect Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts. One million accounts were affected but hackers didn't gain information.

Facebook's vice president of product management Guy Rosen used a blog post today to share further details on the data the hackers stole from those affected accounts. In the process, however, this technique automatically loaded those accounts' Facebook profiles, mirroring what these 400,000 people would have seen when looking at their own profiles.

Facebook says it'll be reaching out to users to tell them what next steps they should take, but as always with these attacks, there are a few things you can do right now to ensure you're taking the right steps. USA federal investigators and the Securities and Exchange Commission are also investigating the social media giant's response to revelations that political consultancy Cambridge Analytica improperly collected information from millions of Facebook accounts. Users will also see a "customised message" in the coming days to assist in preventative measures.

On Friday, the social-networking firm revealed more details about the attack - and said the Federal Bureau of Investigation had asked it not to reveal who might be behind it.

Beginning with a set of accounts controlled by the attackers, the exploit jumped from friends of those users to friends of friends, ballooning to the eventual total of 30 million accounts via an automated script.

A smaller slice of people were more heavily affected. On September 25, we determined this was actually an attack and identified the vulnerability. Up to 90 million people were logged out of their accounts and had those tokens reset as a result of the bug's discovery.

Company officials declined to say what countries the hackers had targeted, but described the security breach as a "broad" attack.

And while the larger ramifications of the breach, announced two weeks ago, are as of yet not fully understood, Facebook claims it has a decent grasp on one important detail: Whether or not you are one of the victims.