BIG HACK OF FACE­BOOK: WHAT INFO WAS TAKEN

Pro­gram­ming bugs let the at­tack­ers take over ac­counts.

The Atlanta Journal-Constitution - - FRONT PAGE - By Brian Fung

An on­line at­tack that forced Face­book to log out 90 mil­lion users last month di­rectly af­fected 29 mil­lion peo­ple on the so­cial net­work, the com­pany said Fri­day as it re­leased new de­tails about an in­ci­dent that has reg­u­la­tors and law en­force­ment on high alert.

Through a se­ries of in­ter­re­lated bugs in Face­book’s pro­gram­ming, un­named at­tack­ers stole the names and con­tact in­for­ma­tion of 15 mil­lion users, Face­book said. The con­tact in­for­ma­tion in­cluded a mix of phone num­bers and email ad­dresses.

An ad­di­tional 14 mil­lion users were af­fected more deeply, by hav­ing ad­di­tional de­tails taken re­lated to their pro­files such as their re­cent search his­tory, gen­der, ed­u­ca­tional back­ground, ge­olo­ca­tion data, birth dates, and lists of peo­ple and pages they fol­low.

Face­book said last month that it de­tected the at­tack when it no­ticed an uptick in user ac­tiv­ity. An in­ves­ti­ga­tion soon found that the ac­tiv­ity was linked to the theft of se­cu­rity codes that, un­der nor­mal cir­cum­stances, al­low Face­book users to nav­i­gate away from the site while re­main­ing logged in.

The bugs that al­lowed the at­tack to oc­cur gave hack­ers the abil­ity to ef­fec­tively take over Face­book ac­counts on a wide­spread ba­sis, Face­book said when it dis­closed the breach. The at­tack­ers be­gan with a rel­a­tively small num­ber of ac­counts that they di­rectly con­trolled, ex­ploit­ing flaws in the plat­form’s “View As” fea­ture to gain ac­cess to other users’ pro­files. (The “View As” fea­ture is de­signed to al­low users to view their own pro­files as though they are some­body else.)

Face­book said it is co­op­er­at­ing with au­thor­i­ties on its in­ves­ti­ga­tion, but said the FBI had ad­vised the com­pany not to dis­cuss who may be be­hind the at­tack.

Face­book has also es­tab­lished a web page that will in­form users who are logged in whether their ac­counts were af­fected.

What may have mo­ti­vated the at­tack­ers is still un­clear; de­spite mount­ing con­cerns about elec­tion se­cu­rity as U.S. of­fi­cials count down to a highly con­tested midterm elec­tion, Face­book said there was no in­di­ca­tion the hack was re­lated.

“We don’t have a spe­cific in­di­ca­tion as to the in­ten­tion of the hack­ers,” said Guy Rosen, Face­book’s VP of prod­uct man­age­ment.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.