He said the FBI has asked the company " not to discuss who may be behind this attack" or to share other details that could compromise its investigation.
"Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen", he said.
Of that number, 15 million users had their name and contact info (phone number and/or email) compromised while another 14 million lost that and their gender, Facebook username, location, language, relationship status, hometown, religion, current area of residence, birthdate, devices used to access Facebook, work, education, and more.
On September 28, Facebook said a newly discovered flaw in the social media platform may have given hackers access to nearly 50 million accounts.
Rosen said that other Facebook services like Instagram, Oculus, WhatsApp, or Workplace were not impacted via the attack, nor were third-party apps that allow people use their Facebook accounts to log in. The hackers were able to gain access to names and phones numbers of almost all of those users as well as personal details such as birth dates, relationship status, gender, and education and work histories for 14 million of them.
The 30 million people who were affected will receive "customized messages" in the coming days, explaining what information the hackers might have accessed.
Facebook isn't giving a breakdown of where these users are, but says the breach was "fairly broad".
"The attackers already controlled a set of accounts, which were connected to Facebook friends".
11 quotes from Kanye's wild Oval Office rant
Fans have long speculated that West would run for president in 2020, but he appeared to throw cold water on that notion for now. It was unclear if Kushner had not offered his seat of Ivanka prefered to stand in her outfit.
This attack vector apparently only affected a subset of 400,000 users, but it could still result in a significant backlash for the company. The feature lets the user see how their profile looks to other people on Facebook.
Now, if your account was accessed, you'll see a very different warning.
If you're account wasn't breached, well, good for you. They could do so by exploiting three distinct bugs in Facebook's code.
Rosen says the attackers did not access any credit card information associated with members' accounts, and that the company has not received any reports of stolen information being available on the dark web - portions of the internet requiring special software to reach. Or you can click this link while signed into Facebook and scroll down.
Still, hackers neither accessed personal messages nor financial data and did not use Facebook logins to access other websites, all of which would have been a cause for greater concern.
Once they had keys to accounts, hackers had the ability to get into them and control them as though they were the real owner.
This sort of personal detail can help identity thieves accomplish hacks for years into the future.
"This doesn't sound very targeted at all", he said.