Hack­ers ac­cess data of 29 mil­lion Face­book users

Kuwait Times - - International -

SAN FRAN­CISCO: Face­book said Fri­day that hack­ers ac­cessed per­sonal data of 29 mil­lion users in a breach at the world’s lead­ing so­cial net­work dis­closed late last month. The com­pany had orig­i­nally said up to 50 mil­lion ac­counts were af­fected in a cy­ber­at­tack that ex­ploited a trio of soft­ware flaws to steal “ac­cess to­kens” that en­able peo­ple to au­to­mat­i­cally log back onto the plat­form. “We now know that fewer peo­ple were im­pacted than we orig­i­nally thought,” Face­book vice pres­i­dent of prod­uct man­age­ment Guy Rosen said in a con­fer­ence call up­dat­ing the in­ves­ti­ga­tion. The hack­ers — whose iden­ti­ties are still a mys­tery — ac­cessed the names, phone num­bers and email ad­dresses of 15 mil­lion users, he said.

For an­other 14 mil­lion peo­ple, the at­tack was po­ten­tially more dam­ag­ing. Face­book said cy­ber­at­tack­ers ac­cessed that data plus ad­di­tional in­for­ma­tion in­clud­ing gen­der, reli­gion, home­town, birth date and places they had re­cently “checked in” to as vis­it­ing. No data was ac­cessed in the ac­counts of the re­main­ing one mil­lion peo­ple whose “ac­cess to­kens” were stolen, ac­cord­ing to Rosen. The at­tack did not af­fect Face­book-owned Mes­sen­ger, Mes­sen­ger Kids, In­sta­gram, What­sApp, Ocu­lus, Work­place, Pages, pay­ments, third-party apps or ad­ver­tis­ing or de­vel­oper ac­counts, the com­pany said.

‘Vul­ner­a­bil­ity’ in the code

Face­book said en­gi­neers dis­cov­ered a breach on Septem­ber 25 and had it patched two days later. That breach al­legedly re­lated to a “view as” fea­ture - de­scribed as a pri­vacy tool to let users see how their pro­files look to other peo­ple. That func­tion has been dis­abled for the time be­ing as a pre­cau­tion. Face­book re­set the 50 mil­lion ac­counts be­lieved to have been af­fected, mean­ing users would need to sign back in us­ing pass­words. The breach was the lat­est pri­vacy em­bar­rass­ment for Face­book, which ear­lier this year ac­knowl­edged that tens of mil­lions of users had their per­sonal data hi­jacked by Cam­bridge An­a­lyt­ica, a po­lit­i­cal firm work­ing for Don­ald Trump in 2016.

“We face con­stant at­tacks from peo­ple who want to take over ac­counts or steal in­for­ma­tion around the world,” chief ex­ec­u­tive Mark Zucker­berg said on his own Face­book page when the breach was dis­closed. “While I’m glad we found this, fixed the vul­ner­a­bil­ity, and se­cured the ac­counts that may be at risk, the re­al­ity is we need to con­tinue de­vel­op­ing new tools to pre­vent this from hap­pen­ing in the first place.” Face­book said it took a pre­cau­tion­ary step of re­set­ting “ac­cess to­kens” for an­other 40 mil­lion ac­counts which had ac­cessed the “view as” func­tion.

Newspapers in English

Newspapers from Kuwait

© PressReader. All rights reserved.