Facebook says hackers stole detailed personal data from 14 million people

Intimate info, including locations and hometowns, were stolen by attackers in a major hack disclosed 2 weeks ago.

While the total number of accessed accounts was smaller than initially thought, the personal data taken from about half of the affected accounts was extensive. (Photo: Jason Alden/Bloomberg)

Facebook Inc. said intimate information, including search results, recent locations and hometowns, were stolen from 14 million users by attackers in a major hack of the social network disclosed two weeks ago.

The company said the cyberattack, one of the worst to hit Facebook, affected 30 million people rather than about 50 million the company first reported Sept. 28. While the total number of accessed accounts was smaller than initially thought, the personal data taken from about half of the affected accounts was extensive.

Profiles, searches, timelines, Messenger conversation

For about 14 million people the hackers accessed information such as the last 10 places that person checked into, their current city and their 15 most-recent searches, the company said Friday in a blog post. For 15 million, the cyberthieves only accessed name and contact information. The attackers didn’t take any information from about 1 million people whose accounts were vulnerable.

Related: Mastering the 1-2-3 of cybersecurity

A smaller slice of people were more heavily affected. About 400,000 people served as the hackers’ entry point to the 30 million others on Facebook. For those 400,000, the attackers could see what the users see as they look at their own profiles. That included posts on their Facebook timelines, and names of recent Facebook Messenger conversations.

The security breach comes at a time when the Menlo Park, California-based company is desperately trying to regain trust with its users. Facebook has been under fire since it was learned earlier this year that personal information was transferred by an app developer to Cambridge Analytica, a political consulting firm that worked for Donald Trump’s 2016 presidential campaign. The company has spent months trying to update its security and answer questions about the scandal from U.S. lawmakers and overseas policy makers.

FBI investigation continues

So far, Facebook said it hasn’t seen the information appear anywhere else online, but the company continues to investigate the incident with the FBI. This sort of personal detail can help identity thieves accomplish hacks for years into the future.

Facebook declined to say whether stealing identities, or anything else, was the motive for the attack.

Related: Examining cyber risks and coverage options

“We are cooperating with the FBI on this matter. The FBI have asked us not to discuss who may be behind this attack,” Guy Rosen, a vice president of product management at Facebook, said on a call with reporters.

Facebook users can check here to see if they were affected:   https://www.facebook.com/help/securitynotice?ref=sec