Hack­ers get into 29M Face­book ac­counts

The Daily Courier - - BUSINESS -

NEW YORK (AP) — Face­book says hack­ers ac­cessed a wide swath of in­for­ma­tion — rang­ing from emails and phone num­bers to more per­sonal de­tails like sites vis­ited and places checked into — from mil­lions of ac­counts as part of a se­cu­rity breach the com­pany dis­closed two weeks ago.

Twenty-nine mil­lion ac­counts had some form of in­for­ma­tion stolen. Orig­i­nally Face­book said 50 mil­lion ac­counts were af­fected, but that it didn’t know if they had been mis­used.

The news comes at a jit­tery time ahead of the midterm elec­tions when Face­book is fight­ing off mis­use of its site on a num­ber of fronts . The com­pany said Fri­day there’s no ev­i­dence this is re­lated to the midterms.

On Fri­day Face­book said hack­ers ac­cessed names, email ad­dresses or phone num­bers from these ac­counts. For 14 mil­lion of them, hack­ers got even more data, such as home­town, birth­date, the last 10 places they checked into or the 15 most re­cent searches.

An ad­di­tional one mil­lion ac­counts were af­fected, but hack­ers didn’t get any in­for­ma­tion from them.

Face­book isn’t giv­ing a break­down of where these users are, but says the breach was “fairly broad.” It plans to send mes­sages to peo­ple whose ac­counts were hacked.

Face­book said third-party apps that use a Face­book lo­gin and Face­book apps like What­sApp and In­sta­gram were un­af­fected by the breach.

Face­book said the FBI is in­ves­ti­gat­ing, but asked the com­pany not to dis­cuss who may be be­hind the at­tack.

Face­book has said the at­tack­ers gained the abil­ity to “seize con­trol” of those user ac­counts by steal­ing dig­i­tal keys the com­pany uses to keep users logged in. They could do so by ex­ploit­ing three dis­tinct bugs in Face­book’s code.

The hack­ers be­gan with a set of ac­counts they con­trolled, then used an au­to­mated process to ac­cess the dig­i­tal keys for ac­counts that were “friends” with the ac­counts they had al­ready com­pro­mised. That ex­panded to “friends of friends,” ex­tend­ing their ac­cess to about 400,000 ac­counts, and went on from there to reach 30 mil­lion ac­counts. There is no ev­i­dence the hack­ers made any posts or took any other ac­tiv­ity us­ing the hacked ac­counts.

The com­pany said it has fixed the bugs and logged out af­fected users to re­set those dig­i­tal keys.

CEO Mark Zucker­berg’s ac­count was one of those hit.

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.