Facebook eventually made more information about the data breach we mentioned end of September. All we knew then about the violation was that it may have affected up to 50 millions of users.
According with Guy Rosen VP of Facebook Product Management who is allegedly playing the role of security officer:
Today we know that fewer people have been affected than we originally thought. From 50 millions of people who believed that access tokens had leaked, about 30 millions were actually affected.
Attackers apparently used some kind of automated method to get the token access from the friends of the accounts they had already violated. Eventually they managed to obtain 30 million access tokens instead of the initially reported 50 million.
According to Rosen:
Attackers stole the name and contact information from 29 millions of users. These include phone numbers and email addresses. The attackers managed to get millions of users (14 million from 14) from 29, such as gender, religion, device types, birthdays, latest geographic locations, who and what they are following and latest searches.
There were also 1 million lucky guys that the attackers did not touch their data.
Rosen also clarified that this violation affected only Facebook, not Instagram, WhatsApp, or other company applications. According to TechCrunch, the company is working with the FBI, and they are not allowed to publish who think they may be behind the attack.