Hack yielded data from up to 30 mil­lion users: Face­book

The Globe and Mail (Prairie Edition) - - NEWS - TAMSIN MCMA­HON U. S. COR­RE­SPON­DENT SAN JOSE, CALIF.

Hack­ers stole per­sonal in­for­ma­tion such as phone num­bers and e-mails from as many as 30 mil­lion Face­book users as part of the most sig­nif­i­cant se­cu­rity breach in the com­pany’s his­tory.

The so­cial-me­dia firm first dis­closed the breach two weeks ago, at the time es­ti­mat­ing that as many as 50 mil­lion ac­counts had been hacked by peo­ple who had ex­ploited a com­plex se­ries of bugs in the com­pany’s soft­ware.

Face­book scaled its es­ti­mate of af­fected users down to 30 mil­lion in an up­date on Fri­day, but re­vealed that hack­ers had been able to ac­cess a wide ar­ray of per­sonal de­tails from mil­lions of ac­counts.

Com­pany of­fi­cials said that they be­lieve hack­ers used au­to­mated soft­ware to steal con­tact in­for­ma­tion from pro­files of 29 mil­lion Face­book users and said that they would no­tify af­fected users about what in­for­ma­tion was stolen and how to pro­tect them­selves against sus­pi­cious emails, phone calls and text mes­sages. An­other one mil­lion users had their ac­counts ac­cessed, but no in­for­ma­tion was stolen.

For roughly half the users af­fected by the breach hack­ers were also able to col­lect even more in­for­ma­tion, such as birth dates, re­la­tion­ship sta­tus, lists of friends, posts they had writ­ten, re­cent search his­tory and ge­o­graphic in­for­ma­tion from the past 10 lo­ca­tions that they had checked into or were tagged on Face­book.

The hack­ers could also read the names of pri­vate con­ver­sa­tions on Face­book Mes­sen­ger, but not the con­tent of those mes­sages, com­pany of­fi­cials said. How­ever, hack­ers were able to read mes­sages sent to users who were ad­min­is­tra­tors of Face­book pages.

The se­cu­rity breach comes at a time when Face­book is al­ready un­der fire over data-pri­vacy laps- es. On Thurs­day, the com­pany said it had purged roughly 800 ac­counts and pub­lish­ers that were send­ing out po­lit­i­cally mo­ti­vated spam about the com­ing U.S. midterm elec­tions, spark­ing re­newed con­tro­versy that Face­book is cen­sor­ing po­lit­i­cal speech. U.S. fed­eral in­ves­ti­ga­tors and the Se­cu­ri­ties and Ex­change Com­mis­sion are also in­ves­ti­gat­ing the so­cial-me­dia gi­ant’s re­sponse to rev­e­la­tions that po­lit­i­cal con­sul­tancy Cam­bridge An­a­lyt­ica im­prop­erly col­lected data from mil­lions of Face­book ac­counts ear­lier this year.

Com­pany of­fi­cials said that the hack­ers were not able to ac­cess in­for­ma­tion on third-party apps such as Face­book-owned In­sta­gram, or ser­vices that al­lowed their users to log in to their apps through Face­book. The com­pany ini­tially warned that third-party apps may have been af­fected by the at­tack. The com­pany said that it is co-op­er­at­ing with an FBI in­ves­ti­ga­tion into the se­cu­rity breach and that in­ves­ti­ga­tors had re­quested Face­book not to dis­cuss who was be­hind the at­tack.

Com­pany of­fi­cials de­clined to say what coun­tries the hack­ers had tar­geted, but de­scribed the se­cu­rity breach as a “broad” at­tack. Cana­dian users have re­ported hav­ing to un­ex­pect­edly log in again to their Face­book ac­counts af­ter the se­cu­rity breach. The com­pany said that it had re­set the ac­counts of 90 mil­lion users as a pre­cau­tion­ary mea­sure.

“Peo­ple’s pri­vacy and se­cu­rity is in­cred­i­bly im­por­tant and we are sorry this hap­pened,” said Guy Rosen, Face­book’s vice-pres­i­dent of prod­uct man­age­ment. “We know we will al­ways face threats from those who want to take over ac­counts or steal in­for­ma­tion.” Ir­ish data-pro­tec­tion au­thor­i­ties have opened an in­ves­ti­ga­tion into whether the se­cu­rity breach vi­o­lated Face­book’s obli­ga­tions un­der the Gen­eral Data Pro­tec­tion Reg­u­la­tion, strict new Euro­pean Union dig­i­tal-pri­vacy laws en­acted ear­lier this year.

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.