Hack­ers stole data from 29M ac­counts: Face­book

Winnipeg Free Press - - BUSINESS - MAE AN­DER­SON

EW YORK — Face­book says hack­ers ac­cessed a wide swath of in­for­ma­tion — rang­ing from emails and phone num­bers to more per­sonal de­tails like sites vis­ited and places checked into — from mil­lions of ac­counts as part of a se­cu­rity breach the com­pany dis­closed two weeks ago.

Twenty-nine mil­lion ac­counts had some form of in­for­ma­tion stolen.

Orig­i­nally Face­book said 50 mil­lion ac­counts were af­fected but that it didn’t know if they had been mis­used.

The news comes at a jit­tery time ahead of the U.S. midterm elec­tions

Nwhen Face­book is fight­ing off mis­use of its site on a num­ber of fronts. The com­pany said Fri­day there’s no ev­i­dence this is re­lated to the midterms. On Fri­day, Face­book said hack­ers ac­cessed names, email ad­dresses or phone num­bers from these ac­counts.

For 14 mil­lion of them, hack­ers got even more data, such as home­town, birth­date, the last 10 places they checked into or their 15 most re­cent searches.

An ad­di­tional one mil­lion ac­counts were af­fected, but hack­ers didn’t get any in­for­ma­tion from them.

Face­book isn’t giv­ing a break­down of where these users are, but says the breach was “fairly broad.” It plans to send mes­sages to peo­ple whose ac­counts were hacked.

The com­pany said third-party apps that use a Face­book lo­gin and Face­book apps like What­sApp and In­sta­gram were un­af­fected by the breach.

Face­book said the FBI is in­ves­ti­gat­ing, but asked the com­pany not to dis­cuss who may be be­hind the at­tack.

Ac­cord­ing to the com­pany, at­tack­ers were able to “seize con­trol” of those user ac­counts by steal­ing dig­i­tal keys used to keep users logged in.

They could do so by ex­ploit­ing three dis­tinct bugs in Face­book’s code.

The hack­ers be­gan with a set of ac­counts they con­trolled, then used an au­to­mated process to ac­cess the dig­i­tal keys for ac­counts that were “friends” with the ac­counts they had al­ready com­pro­mised.

That ex­panded to “friends of friends,” ex­tend­ing their ac­cess to about 400,000 ac­counts, and went on from there to reach 30 mil­lion ac­counts.

There is no ev­i­dence that the hack­ers made any posts or took any other ac­tiv­ity us­ing the hacked ac­counts.

The com­pany said it has fixed the bugs and logged out af­fected users to re­set those dig­i­tal keys.

At the time, CEO Mark Zucker­berg — whose own ac­count was com­pro­mised — said at­tack­ers would have had the abil­ity to view pri­vate mes­sages or post on some­one’s ac­count, but there’s no sign that they did.

Face­book vice-pres­i­dent Guy Rosen said in a call with re­porters on Fri­day the com­pany hasn’t ruled out the pos­si­bil­ity of smaller-scale ef­forts to ex­ploit the same vul­ner­a­bil­ity that the hack­ers used be­fore it was dis­abled.

The com­pany has a web­site its two bil­lion global users can use to find out if their ac­counts have been ac­cessed, and if so, what in­for­ma­tion was stolen.

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.