Face­book cuts data breach to 29 mil­lion

‘Records ex­posed’

Arab Times - - IN­TER­NA­TIONAL -

SAN FRAN­CISCO, Oct 13, (Agen­cies): Face­book said Fri­day that hack­ers ac­cessed per­sonal data of 29 mil­lion users in a breach at the world’s lead­ing so­cial net­work dis­closed late last month.

The com­pany had orig­i­nally said up to 50 mil­lion ac­counts were af­fected in a cy­ber­at­tack that ex­ploited a trio of soft­ware flaws to steal “ac­cess to­kens” that en­able peo­ple to au­to­mat­i­cally log back onto the plat­form.

“We now know that fewer peo­ple were im­pacted than we orig­i­nally thought,” Face­book vice pres­i­dent of prod­uct man­age­ment Guy Rosen said in a con­fer­ence call up­dat­ing the in­ves­ti­ga­tion.

The hack­ers – whose iden­ti­ties are still a mys­tery – ac­cessed the names, phone num­bers and email ad­dresses of 15 mil­lion users, he said.

For an­other 14 mil­lion peo­ple, the at­tack was po­ten­tially more dam­ag­ing.

Face­book said cy­ber­at­tack­ers ac­cessed that data plus ad­di­tional in­for­ma­tion in­clud­ing gen­der, reli­gion, home­town, birth date and places they had re­cently “checked in” to as vis­it­ing.

No data was ac­cessed in the ac­counts of the re­main­ing one mil­lion peo­ple whose “ac­cess to­kens” were stolen, ac­cord­ing to Rosen.

The at­tack did not af­fect Face­book-owned Mes­sen­ger, Mes­sen­ger Kids, In­sta­gram, What­sApp, Ocu­lus, Work­place, Pages, pay­ments, third-party apps or ad­ver­tis­ing or de­vel­oper ac­counts, the com­pany said.

Face­book said en­gi­neers dis­cov­ered a breach on Septem­ber 25 and had it patched two days later.

That breach al­legedly re­lated to a “view as” fea­ture – de­scribed as a pri­vacy tool to let users see how their pro­files look to other peo­ple. That func­tion has been dis­abled for the time be­ing as a pre­cau­tion.

Face­book re­set the 50 mil­lion ac­counts be­lieved to have been af­fected, mean­ing users would need to sign back in us­ing pass­words.

The breach was the lat­est pri­vacy em­bar­rass­ment for Face­book, which ear­lier this year ac­knowl­edged that tens of mil­lions of users had their per­sonal data hi­jacked by Cam­bridge An­a­lyt­ica, a po­lit­i­cal firm work­ing for Don­ald Trump in 2016.

“We face con­stant at­tacks from peo­ple who want to take over ac­counts or steal in­for­ma­tion around the world,” chief ex­ec­u­tive Mark Zucker­berg said on his own Face­book page when the breach was dis­closed.

“While I’m glad we found this, fixed the vul­ner­a­bil­ity, and se­cured the ac­counts that may be at risk, the re­al­ity is we need to con­tinue de­vel­op­ing new tools to pre­vent this from hap­pen­ing in the first place.”

Face­book said it took a pre­cau­tion­ary step of re­set­ting “ac­cess to­kens” for an­other 40 mil­lion ac­counts which had ac­cessed the “view as” func­tion.

Hack­ers ev­i­dently started the cy­ber-on­slaught on Septem­ber 14 with 400,000 “seed ac­counts” they had a hand in or were oth­er­wise close to, ac­cord­ing to Rosen.

Rosen

Pen­tagon probes breach:

The Pen­tagon is in­ves­ti­gat­ing a cy­ber breach of some of its travel records that led to per­sonal in­for­ma­tion be­ing ex­posed, the mil­i­tary said on Fri­day.

Lieu­tenant Colonel Joseph Buc­cino, a Pen­tagon spokesman, said there had been a breach of some “per­son­ally iden­ti­fi­able in­for­ma­tion” when a “sin­gle com­mer­cial ven­dor” was hacked.

Buc­cino said the breach only af­fected a small per­cent­age of per­son­nel and the Pen­tagon was in­ves­ti­gat­ing the in­ci­dent. Mil­i­tary lead­er­ship was made aware of the breach on Oct 4.

A fed­eral gov­ern­ment re­port ear­lier this week said the Pen­tagon had been slow to pro­tect ma­jor weapon sys­tems from cy­ber at­tacks and rou­tinely found crit­i­cal vul­ner­a­bil­i­ties that hack­ers could po­ten­tially ex­ploit in those sys­tems.

Cy­ber se­cu­rity has been re­ceiv­ing in­creas­ing at­ten­tion among US mil­i­tary and in­tel­li­gence of­fi­cials.

Last week, Western coun­tries is­sued co­or­di­nated de­nun­ci­a­tions of Rus­sia for run­ning what they de­scribed as a global hack­ing cam­paign, tar­get­ing in­sti­tu­tions from sports anti-dop­ing bod­ies to a nu­clear power com­pany and the chem­i­cal weapons watch­dog.

In some of the strong­est lan­guage aimed at Moscow since the Cold War, Bri­tain said Rus­sia had be­come a “pariah state.”

Newspapers in English

Newspapers from Kuwait

© PressReader. All rights reserved.