TWO WEEKS AGO, Facebook revealed that a major security breach had put 50 million accounts at risk. Upon closer inspection, that number is just 30 million - 40 per cent less terrible than before.
Not that that's a great deal of consolation to those actually affected, but if that includes you there are degrees of severity. The social network explained in a blog post that one million of those accounts had no information accessed whatsoever, which is a good start. 14 million more lost what Facebook calls basic contact information - a name and an email address or phone number.
The remaining 15 million got the worst of it: basic information, plus extra data which may include gender, religion, relationship status, education, work, location, device information and the 15 most recent searches they had done at the time.
You can find out if you were in the mix by visiting the Facebook help centre, but the company says it will be taking a more proactive approach in the coming days for affected accounts.
The good (?) news keeps coming. Remember how there were concerns that the breach would flow out to third-party apps that use Facebook to log in? The company says that's not the case. Nor were Facebook side-projects like Messenger, Instagram, WhatsApp, Oculus or Workplace in the mix.
Facebook is still looking into specifics of the attack, although the post goes into a little more detail of how a common feature was used against account holders.
"The vulnerability was the result of a complex interaction of three distinct software bugs and it impacted 'View As,' a feature that lets people see what their own profile looks like to someone else," the post explains.
"It allowed attackers to steal Facebook access tokens, which they could then use to take over people's accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don't need to re-enter their password every time they use the app."
The loophole was being exploited between 14 September and 25 September - at which point Facebook noticed, and closed the loophole within 48 hours, resetting the tokens in the process.
The company says it is now cooperating with the FBI "which is actively investigating and asked us not to discuss who may be behind this attack."
So just the 30 million accounts affected then. Or to put it another way: we thought Facebook's security snafu had affected a population the size of Colombia. Turns out it was just a Ghana. µ