Space News from SpaceDaily.com
Facebook says hackers accessed data of 29 mn users
ADVERTISEMENT

San Francisco, Oct 12 (AFP) Oct 12, 2018
Facebook said Friday that hackers accessed personal data of 29 million users in a breach at the world's leading social network disclosed late last month.

The company had originally said up to 50 million accounts were affected in a cyberattack that exploited a trio of software flaws to steal "access tokens" that enable people to automatically log back onto the platform.

"We now know that fewer people were impacted than we originally thought," Facebook vice president of product management Guy Rosen said in a conference call updating the investigation.

The hackers -- whose identities are still a mystery -- accessed the names, phone numbers and email addresses of 15 million users, he said.

For another 14 million people, the attack was potentially more damaging.

Facebook said cyberattackers accessed that data plus additional information including gender, religion, hometown, birth date and places they had recently "checked in" to as visiting.

No data was accessed in the accounts of the remaining one million people whose "access tokens" were stolen, according to Rosen.

The attack did not affect Facebook-owned Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps or advertising or developer accounts, the company said.


- 'Vulnerability' in the code -


Facebook said engineers discovered a breach on September 25 and had it patched two days later.

That breach allegedly related to a "view as" feature -- described as a privacy tool to let users see how their profiles look to other people. That function has been disabled for the time being as a precaution.

Facebook reset the 50 million accounts believed to have been affected, meaning users would need to sign back in using passwords.

The breach was the latest privacy embarrassment for Facebook, which earlier this year acknowledged that tens of millions of users had their personal data hijacked by Cambridge Analytica, a political firm working for Donald Trump in 2016.

"We face constant attacks from people who want to take over accounts or steal information around the world," chief executive Mark Zuckerberg said on his own Facebook page when the breach was disclosed.

"While I'm glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place."

Facebook said it took a precautionary step of resetting "access tokens" for another 40 million accounts which had accessed the "view as" function.


- 'Seed' accounts -


Hackers evidently started the cyber-onslaught on September 14 with 400,000 "seed accounts" they had a hand in or were otherwise close to, according to Rosen.

"The attackers started with a set of accounts they controlled directly, then moved to their friends, and their friend's friends, and so on -- each time taking advantage of the vulnerability," he added.

The exploit allowed hackers to steal copies of access tokens from accounts of "friends" by using the "view as" feature.

Once they had keys to accounts, hackers had the ability to get into them and control them as though they were the real owner.

Hackers could have seen the last four digits of credit card data in people's accounts, with the rest hidden for security, but there was no sign that data was taken, according to Facebook.

Rosen said they found no reason yet to believe hackers were in interested in people's information, rather that it appeared the mission was to harvest access tokens from friends associated with breached accounts.

He declined to discuss progress regarding figuring out who was behind the attack, saying Facebook had been asked by the FBI to remain quiet on the topic.

The California-based social network says it is cooperating with the FBI, US Federal Trade Commission, Irish Data Protection Commission and other authorities regarding the breach.

Rosen said the FBI investigation also limited what he could disclose about what the hackers' end-goal may have been, but maintained that Facebook had "no reason to believe this attack was related to the mid-term elections" in the US.


ADVERTISEMENT




Space News from SpaceDaily.com
Japan Moon probe survives second lunar night
Europe space telescope's sight restored after de-icing procedure
Ariane 6's Maiden Voyage Marks a New Era for European Space Missions with YPSat Onboard

24/7 Energy News Coverage
Revolutionizing Particle Physics: AI's Role in Deciphering Complex Particle Paths
UC San Diego Scientists Unveil Plant-Based Polymers that Biodegrade Microplastics in Months
Cambridge working to unlock new solar energy pathways

Military Space News, Nuclear Weapons, Missile Defense
AI generates high-quality images 30 times faster in a single step
Aerospacelab and Xona Unite to Transform Satellite Navigation
GITAI's robotic system triumphs in ISS demo

24/7 News Coverage
'Just staggering': UN says households waste 1 bn meals a day
Neolithic Mariners: Unveiling the Mediterranean's Oldest Boats
Greece to buy seven Canadian water bombers for wildfires


All rights reserved. Copyright Agence France-Presse. Sections of the information displayed on this page (dispatches, photographs, logos) are protected by intellectual property rights owned by Agence France-Presse. As a consequence, you may not copy, reproduce, modify, transmit, publish, display or in any way commercially exploit any of the content of this section without the prior written consent of Agence France-Presse.