Facebook’s massive security hack was smaller than reported, but 29 million people still had their personal info stolen

Facebook says the security breach it announced late last month impacted fewer people than initially expected, though hackers still collected personal data from 29 million users.

Facebook reported Friday that 30 million accounts were compromised in the September breach in which a software “vulnerability” gave hackers access to a digital “token” that enabled them to log in to millions of user accounts. Originally, Facebook had estimated 50 million accounts might have been compromised. They’ve revised that number to 30 million.

That’s the “good” news. The bad news is these hackers did indeed collect personal user data from 29 million of those 30 million accounts, Facebook says. That includes the name and contact info — phone numbers and emails — for all 29 million people. The hackers also collected a lot of other information on 14 million of those 29 million users, including but not limited to “gender, locale/language, relationship status, religion [and] hometown,” Facebook wrote.

Facebook previously said that it didn’t know if any personal user information had been accessed, only that it was possible.

The FBI is investigating the attack and Facebook says it is cooperating. The company still has not said who was behind the hack.

Facebook, of course, has dealt with a lot of security and privacy issues so far in 2018, including its Cambridge Analytica scandal in which millions of users’ personal data was collected and sold to an outside political research firm. There is general concern that Facebook data like this might be used to help political candidates with ad targeting or messaging ahead of the U.S. midterm elections, which are early next month.

Facebook is hosting a conference call with reporters at 10 am PT to discuss the situation. We’ll update this story as we learn more.

Update: Facebook’s press call didn’t include a lot of new information, other than the fact that Facebook won’t be sharing a lot of new information.

Facebook product executive Guy Rosen took questions for about 25 minutes but declined to share any more details.

“[The FBI] asked us not to discuss who may be behind this attack or what their intentions could be,” Rosen said. He added, “We have no reason to believe this specific attack was related to the midterms.”

He also declined to share details about which countries might have been impacted by the attack, saying just that the attack was “fairly broad.”

This article originally appeared on Recode.net.

Will you support Vox’s explanatory journalism?

Most news outlets make their money through advertising or subscriptions. But when it comes to what we’re trying to do at Vox, there are a couple of big issues with relying on ads and subscriptions to keep the lights on:

First, advertising dollars go up and down with the economy. We often only know a few months out what our advertising revenue will be, which makes it hard to plan ahead.

Second, we’re not in the subscriptions business. Vox is here to help everyone understand the complex issues shaping the world — not just the people who can afford to pay for a subscription. We believe that’s an important part of building a more equal society. And we can’t do that if we have a paywall.

So even though advertising is still our biggest source of revenue, we also seek grants and reader support. (And no matter how our work is funded, we have strict guidelines on editorial independence.)

If you also believe that everyone deserves access to trusted high-quality information, will you make a gift to Vox today? Any amount helps.

One-Time Monthly Annual

$5/month

$10/month

$25/month

$50/month

Other

$

Yes, I'll give $5/month

Yes, I'll give $5/month

We accept credit card, Apple Pay, and Google Pay. You can also contribute via