Calgary Sun - - NEWS - MAE AN­DER­SON The As­so­ci­ated Press

NEW YORK — Face­book says hack­ers ac­cessed a wide swath of in­for­ma­tion — rang­ing from emails and phone num­bers to more per­sonal de­tails like sites vis­ited and places checked into — from mil­lions of ac­counts as part of a se­cu­rity breach the com­pany dis­closed two weeks ago.

twenty-nine mil­lion ac­counts had some form of in­for­ma­tion stolen. Orig­i­nally Face­book said 50 mil­lion ac­counts were af­fected, but that it didn’t know if they had been mis­used.

the news comes at a jit­tery time ahead of the midterm elec­tions when Face­book is fight­ing off mis­use of its site on a num­ber of fronts . the com­pany said Fri­day there’s no ev­i­dence this is re­lated to the midterms.

On Fri­day Face­book said hack­ers ac­cessed names, email ad­dresses or phone num­bers from these ac­counts. For 14 mil­lion of them, hack­ers got even more data, such as home­town, birth­date, the last 10 places they checked into or the 15 most re­cent searches.

an ad­di­tional 1 mil­lion ac­counts were af­fected, but hack­ers didn’t get any in­for­ma­tion from them.

Face­book isn’t giv­ing a break­down of where these users are, but says the breach was “fairly broad.” It plans to send mes­sages to peo­ple whose ac­counts were hacked.

Face­book said third-party apps that use a Face­book lo­gin and Face­book apps like What­sapp and In­sta­gram were un­af­fected by the breach.

Face­book said the FbI is in­ves­ti­gat­ing, but asked the com­pany not to dis­cuss who may be be­hind the at­tack.

the com­pany said it hasn’t ruled out the pos­si­bil­ity of smaller-scale at­tacks that used the same vul­ner­a­bil­ity.

Face­book has said the at­tack­ers gained the abil­ity to “seize con­trol” of those user ac­counts by steal­ing dig­i­tal keys the com­pany uses to keep users logged in.

they could do so by ex­ploit­ing three dis­tinct bugs in Face­book’s code.

the hack­ers be­gan with a set of ac­counts they con­trolled, then used an au­to­mated process to ac­cess the dig­i­tal keys for ac­counts that were “friends” with the ac­counts they had al­ready com­pro­mised. that ex­panded to “friends of friends,” ex­tend­ing their ac­cess to about 400,000 ac­counts, and went on from there to reach 30 mil­lion ac­counts. there is no ev­i­dence that the hack­ers made any posts or took any other ac­tiv­ity us­ing the hacked ac­counts.

the com­pany said it has fixed the bugs and logged out af­fected users to re­set those dig­i­tal keys.

at the time, ceO Mark Zucker­berg — whose own ac­count was com­pro­mised — said at­tack­ers would have had the abil­ity to view pri­vate mes­sages or post on some­one’s ac­count, but there’s no sign that they did.


Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.