Facebook warns 30m users over data hack
FACEBOOK is warning the 30m people whose phone numbers and personal details were stolen in a major cyber attack on the social network in September.
Those affected can visit the Facebook “help centre”, to see what information was stolen, including the last ten places they checked in, their hometown and last ten searches they made.
The FBI has opened an investigation into the hack, which Facebook made public two weeks ago. Guy Rosen, Facebook’s head of product, refused to speculate on who was behind the hack during a press conference call yesterday, but revealed that the company had traced the attack back to a group of “seed” accounts, suggesting that the perpetrator may be traceable.
Using these initial accounts, the attacker used a bug in Facebook’s code relating to a the “View As” feature to access the profiles of friends, which it believes existed since July last year.
Using an automated technique, they were able to open up the profile pages of about 30m people, allowing them complete access to their information.
Of these, 15m had their names, phone numbers and email addresses accessed. An additional 14m also had usernames, gender, language, relation- ship status, religion, city, birthday, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or pages they follow, and the 15 most recent searches.
Facebook spotted a spike of activity as the attacker moved through the accounts on Sept 14 and by Sept 25 concluded that it was under siege. On Sept 27 it shut down the “View as” feature and blocked the access tokens for those who were potentially exposed.
Mr Rosen said that there was “no evidence” that the data was being sold on the dark web.