Facebook cuts data breach to 29 million
SAN FRANCISCO, Oct 13, (Agencies): Facebook said Friday that hackers accessed personal data of 29 million users in a breach at the world’s leading social network disclosed late last month.
The company had originally said up to 50 million accounts were affected in a cyberattack that exploited a trio of software flaws to steal “access tokens” that enable people to automatically log back onto the platform.
“We now know that fewer people were impacted than we originally thought,” Facebook vice president of product management Guy Rosen said in a conference call updating the investigation.
The hackers – whose identities are still a mystery – accessed the names, phone numbers and email addresses of 15 million users, he said.
For another 14 million people, the attack was potentially more damaging.
Facebook said cyberattackers accessed that data plus additional information including gender, religion, hometown, birth date and places they had recently “checked in” to as visiting.
No data was accessed in the accounts of the remaining one million people whose “access tokens” were stolen, according to Rosen.
The attack did not affect Facebook-owned Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps or advertising or developer accounts, the company said.
Facebook said engineers discovered a breach on September 25 and had it patched two days later.
That breach allegedly related to a “view as” feature – described as a privacy tool to let users see how their profiles look to other people. That function has been disabled for the time being as a precaution.
Facebook reset the 50 million accounts believed to have been affected, meaning users would need to sign back in using passwords.
The breach was the latest privacy embarrassment for Facebook, which earlier this year acknowledged that tens of millions of users had their personal data hijacked by Cambridge Analytica, a political firm working for Donald Trump in 2016.
“We face constant attacks from people who want to take over accounts or steal information around the world,” chief executive Mark Zuckerberg said on his own Facebook page when the breach was disclosed.
“While I’m glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place.”
Facebook said it took a precautionary step of resetting “access tokens” for another 40 million accounts which had accessed the “view as” function.
Hackers evidently started the cyber-onslaught on September 14 with 400,000 “seed accounts” they had a hand in or were otherwise close to, according to Rosen.
Pentagon probes breach:
The Pentagon is investigating a cyber breach of some of its travel records that led to personal information being exposed, the military said on Friday.
Lieutenant Colonel Joseph Buccino, a Pentagon spokesman, said there had been a breach of some “personally identifiable information” when a “single commercial vendor” was hacked.
Buccino said the breach only affected a small percentage of personnel and the Pentagon was investigating the incident. Military leadership was made aware of the breach on Oct 4.
A federal government report earlier this week said the Pentagon had been slow to protect major weapon systems from cyber attacks and routinely found critical vulnerabilities that hackers could potentially exploit in those systems.
Cyber security has been receiving increasing attention among US military and intelligence officials.
Last week, Western countries issued coordinated denunciations of Russia for running what they described as a global hacking campaign, targeting institutions from sports anti-doping bodies to a nuclear power company and the chemical weapons watchdog.
In some of the strongest language aimed at Moscow since the Cold War, Britain said Russia had become a “pariah state.”