Facebook revealed Friday that last month’s security breach that affected almost 30 million accounts was indeed an attack and that the FBI is helping investigate.
The social media giant determined on Sept. 25 that there was an attack and was able to close the vulnerability within two days.
“We’re cooperating with the FBI, which is actively investigating and asked us not to discuss who may be behind this attack,” said Facebook’s vice president of product management Guy Rosen in a blog post.
The attackers were able to steal the information by controlling a set of accounts. Those accounts already had a set of Facebook friends, and they were able to use a technique that allowed them to move “from account to account” to steal the log-in information of those friends, and for friends of those friends, and so on.
Then, the attackers used the friends of 400,000 users to steal log-in information for roughly 30 million people.
Of those users, hackers were able to access the name and contact details for 15 million users.
[Also read: Facebook removes more than 800 pages, accounts for fake political content]
For another 14 million users, hackers accessed their name and contact details, as well as other details they had on their profiles such as current city, device types used to access Facebook, the last 10 places they checked into or were tagged in, people or Pages they follow, and their 15 most recent searches.
For 1 million people, the attackers did not access any information.
Late last month, Facebook had disclosed that up to 50 million of its users had been affected, and that it had taken further security precautions on an additional 40 million accounts by logging them out.
Facebook has been fending off bad news reports over the last year following revelations that a British analytics firm, Cambridge Analytica, got access to the private information of up to 87 million users ahead of the 2016 presidential election.
Senior executives have been on Capitol Hill several times this year too, attempting to tamp down worries from lawmakers.
After the latest hack, lawmakers seized on the opportunity to call for more oversight.
“This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users,” Sen. Mark Warner, the top Democrat on the Senate Intelligence Committee, said in a statement. “A full investigation should be swiftly conducted and made public so that we can understand more about what happened.”