Facebook Started Investigating a Possible Breach on Sept. 16

(Bloomberg) -- Facebook Inc. started investigating unusual activity on its social network more than a week before it confirmed an attack had breached millions of user accounts.

During a conference call on Friday afternoon, executives from the company laid out a timeline of how they discovered the attack:

  • Sept. 16: Facebook detected a "spike in traffic" and launched an initial investigation. It was not clear to Facebook at that point if there was malicious activity.
  • Sept. 25: Facebook detected an "attack" on a broad range of accounts.
  • Facebook informed the FBI and the Irish Data Protection Commission sometime between Tuesday evening and late Thursday. Executives wouldn’t say exactly when.
  • Sept. 27: Facebook fixed the vulnerability and began logging users out, a necessary step to reset the security of their accounts.
  • Sept. 28: Facebook reported the breach had affected almost 50 million accounts and began rolling out notifications on the top of user’s feeds. Facebook was sued in the State of California by users over the hacking.

©2018 Bloomberg L.P.