U.S. top social media network Facebook admitted Friday that the accounts of 29 million users have been illegally accessed by attackers in the latest cyber attack it announced last month.
Facebook said 15 million people had their accounts compromised after hackers stole their sensitive information including their names, phone numbers, emails and other contact details, while 14 million users were illegally accessed for their user names, gender, religion, geographic location, birthday, work and education status.
In addition, 1 million Facebook users were also affected in the new wave of hacking activities, but they did not loose their personal information.
The Facebook disclosure is part of a larger security breach of 50 million accounts it unveiled about two weeks ago.
The world’s largest social media announced on Sept. 28 that attackers exploited a vulnerability in Facebook’s code that would allow hackers to steal access tokens used by Facebook users as login digital keys and then take control of their accounts
It said the vulnerability in Facebook code had existed between July 2017 and September 2018, which was the result of a complex interaction of three distinct software bugs.
The company said the attack that exploited this vulnerability was discovered on Sept. 24, but was fixed within two days to secure the accounts of millions of its users.
Facebook noted that the attack did not include its other apps and devices such as Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, payments, third-party apps, or advertising or developer accounts.
It confirmed that the U.S. Federal Bureau of Investigation is actively investigating the hack, but it did not reveal any more further details.
Facebook currently has about 2.23 billion monthly active users worldwide as of June 30 this year.