Wednesday, 23 January, 2019

Facebook says only 30 mln affected by recent security breach

Facebook Facebook says only 30 mln affected by recent security breach
Sherri Watson | 18 October, 2018, 15:44

Some 34,891 Korean Facebook accounts were hacked in the latest security breach in the global social network in September. "We will review the incident carefully and take punitive measures under Korean data laws".

Additionally, the hackers also stole information in regard to name and contact details of the accounts of another 15 million accounts, although they did not gain access to the information of accounts of one million people. Also, F Users can find out if their personal data has been accessed by visiting Facebooks Help Center.

In the coming days, Facebook will send customized messages to the 30 million people affected to explain what information the attackers might have accessed, as well as steps they can take to help protect themselves, including from suspicious emails, text messages, or calls.

With Facebook still trying to recover from the Cambridge Analytica scandal, this new breach is another major knock to its reputation.

Twenty-nine million accounts had some form of information stolen.

"In the process, however, this technique automatically loaded those accounts' Facebook profiles, mirroring what these 400,000 people would have seen when looking at their own profiles".

This includes the user's, "username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches".

However, the company noted that the attack was limited to Facebook and its other platforms like Messenger, WhatsApp, Oculus and payments among others are safe. The company said it hasn't ruled out the possibility of smaller-scale attacks that used the same vulnerability. They could do so by exploiting three distinct bugs in Facebook's code.

While hackers used access tokens to fool the site into thinking the login was authorized, there's no indication they had access to Facebook passwords, and it may not be necessary to change them.

Rosen said the company would "do everything we can to earn users' trust".

Facebook did not say who might have been behind the latest attack or if certain groups of people were targeted, but it said it was working with authorities including the FBI to investigate.

Facebook's vice president of prodcut management Guy Rosen revealed more details about the hack in a blog post today.

Patrick Moorhead, founder of Moor Insights & Strategy, said the breach appeared similar to identity theft breaches that have occurred at companies including Yahoo and Target in 2013. "Facebook should provide all those customers free credit monitoring to make sure the damage is minimized".

"We now know that fewer people were impacted than we originally thought".

"This doesn't sound very targeted at all", he said.

It is not clear who was behind the hack.