'Late last month Facebook announced the service had been hacked, resulting in the theft of data from 50 million users. Today Facebook finally issued an update on what the company's continuing investigation has found regarding the scale and scope of the attack. While the official press release presents the findings in a matter-of-fact manner, tech reporters have been quick to point out that the actual risks posed by what the attackers possess are alarming. The hackers used an exploit particular to the "View As" feature that allowed them to steal access tokens, letting the hackers take over accounts they did not already possess the passwords to. Facebook's press release notes that "the attackers already controlled a set of accounts, which were connected to Facebook friends." Starting by taking over friends of those initial accounts, the hackers stole tokens for "about 400,000" accounts. From there, the hackers used a portion of those accounts' friend lists to take over 30 million accounts. The press release is quick to note that this is less than Facebook's initial assessment that 50 million accounts had been compromised ("about 30 million actually had their tokens stolen," emphasis Facebook's).' -- source: http://digg.com/2018/facebook-hack-30-million-users-contact-info-2fa Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/