Hack­ers hit 30 mil­lion users: Face­book

Belfast Telegraph - - NEWS - BY JACK HARDY

FACE­BOOK has re­vealed that mil­lions of email ad­dresses, phone num­bers and other per­sonal user in­for­ma­tion were com­pro­mised dur­ing a re­cent se­cu­rity breach.

The so­cial me­dia gi­ant, which has more than two bil­lion users world­wide, an­nounced last month that en­gi­neers had dis­cov­ered a “se­cu­rity is­sue” which af­fected 50 mil­lion ac­counts.

Yes­ter­day, the com­pany’s vice-pres­i­dent of prod­uct man­age­ment, Guy Rosen, said “fewer peo­ple were im­pacted than we orig­i­nally thought”, with ac­cess to­kens stolen from around 30 mil­lion ac­counts.

Ac­cess to­kens work as dig­i­tal keys, let­ting those who hold them log into Face­book ac­counts with­out en­ter­ing a pass­word.

Shed­ding new light on the hack, Mr Rosen said the at­tack­ers used an “au­to­mated tech­nique” to move from ac­count to ac­count, steal­ing to­kens of friends-of-friends, “to­talling about 400,000 peo­ple”.

This pool of 400,000 users al­lowed them to steal ac­cess to­kens from 30 mil­lion, he con­tin­ued. He wrote: “For 15 mil­lion peo­ple, at­tack­ers ac­cessed two sets of in­for­ma­tion — name and con­tact de­tails (phone num­ber, email, or both, de­pend­ing on what peo­ple had on their pro­files).

“For 14 mil­lion peo­ple, the at­tack­ers ac­cessed the same two sets of in­for­ma­tion, as well as other de­tails peo­ple had on their pro­files. This in­cluded user­name, gen­der, lo­cale/lan­guage, re­la­tion­ship State­ment: Guy Rosen, Face­book and any of their other ser­vices, such as Spo­tify, In­sta­gram or Tin­der, which ac­cept Face­book ac­cess to­kens.

Mes­sages be­tween ac­counts were not com­pro­mised by the hack­ers, Mr Rosen said, ex­cept if the per­son was an ad­min whose page had re­ceived a mes­sage.

Face­book staff first no­ticed an “un­usual spike of ac­tiv­ity” that be­gan on Septem­ber 14. On Septem­ber 25, the trend was iden­ti­fied as an at­tack, prompt­ing pro­gram­mers to close the vul­ner­a­bil­ity, which hap­pened within two days, the tech chief said.

“We’re co­op­er­at­ing with the FBI which is ac­tively in­ves­ti­gat­ing and asked us not to dis­cuss who may be be­hind this at­tack,” his blog con­tin­ued. Face­book users can check if they are af­fected by vis­it­ing its help cen­tre.

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.