Quote:In a blog post today, Facebook has decided to downplay the attack to make it appear as less serious than it actually is.  

"We now know that fewer people were impacted than we originally thought," stated the Facebook's update. "Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen. Here’s how it happened:"

"The attackers used a portion of these 400,000 people’s lists of friends to steal access tokens for about 30 million people," stated Facebook's blog post. "For 15 million people, attackers accessed two sets of information – name and contact details (phone number, email, or both, depending on what people had on their profiles). For 14 million people, the attackers accessed the same two sets of information, as well as other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches. For 1 million people, the attackers did not access any information."