In addition, attackers could see the posts and lists of friends and groups of about 400,000 users.
With about 1.4% users' data (of the 2.2 billion monthly active Facebook users) compromised, in the recent security breach, Facebook still has no plans to provide additional protection services for the affected users, per BBC.
Nor were Facebook side-projects like Messenger, Instagram, WhatsApp, Oculus or Workplace in the mix.
Facebook said on Friday it had confirmed that the attackers in the mass security breach it announced late in September accessed the accounts of about 30-million people and stole name and contact details of 29-million members.
The hack happened between September 14-27, according to officials, but they said the vulnerable code had been online from July 2017 to September 2018. Because some users had birthdays and other details stolen, those affected may also want to contact their financial institutions to set up PIN codes for an extra security barrier. "For one million people, the attackers did not access any information". The tokens work like digital keys that keep users logged in to Facebook so they don't have to repeatedly enter their username and passwords. Facebook also clarified that incredibly sensitive information such as passwords and credit card numbers were not accessed, but there's a chance that your phone number, email address, location history, and even your search history on the social network were collected during the breach.
All you have to do to figure out if you've been hacked is visit this page on the Facebook Help Center and scroll to the bottom. A spokesperson for the Irish data regulator said of Friday's announcement, "The update from Facebook today is significant now that Facebook has confirmed that the personal data of millions of users was taken by the perpetrators of the attack".
The platform reports that around 30 million users have had their login tokens stolen. Of course, Facebook is continuing its investigation alongside the Federal Bureau of Investigation (FBI), with a range of suspects remaining undisclosed.
Facebook's lead European Union data regulator, the Irish data protection commissioner, last week opened an investigation into the breach.
Patrick Moorhead, founder of Moor Insights & Strategy, said the breach appeared similar to identity theft breaches that have occurred at companies including Yahoo and Target in 2013. "I think this is nothing but an age-old mechanism of trying to reduce the impact of the disaster, by first coming in with small tricklets of information, and slowly over a period of time, expanding the scope of the said disclosures". If you allegedly sent out friend requests to people you don't know, or spot messages that you didn't write then alarm bells should be going off.
Facebook's vice president of prodcut management Guy Rosen revealed more details about the hack in a blog post today.