Face­book says data breach af­fected 29m users; de­tails to be un­veiled

Oman Daily Observer - - OMANINTERNATIONAL -

SAN FRAN­CISCO: Cy­ber at­tack­ers stole data from 29 mil­lion Face­book ac­counts us­ing an au­to­mated pro­gram that moved from one friend to the next, Face­book Inc an­nounced on Fri­day, as the so­cial me­dia com­pany said its largest-ever data theft hit fewer than the 50 mil­lion pro­files it ini­tially re­ported.

The com­pany said it would mes­sage af­fected users over the com­ing days to tell them what type of in­for­ma­tion had been ac­cessed in the at­tack.

The breach has left users more vul­ner­a­ble to tar­geted phish­ing at­tacks and could deepen un­ease about post­ing to a ser­vice whose pri­vacy, mod­er­a­tion and se­cu­rity prac­tices have been called into ques­tion by a se­ries of scan­dals, cy­ber se­cu­rity ex­perts and fi­nan­cial an­a­lysts said.

The at­tack­ers took pro­file de­tails such as birth dates, em­ploy­ers, ed­u­ca­tion his­tory, re­li­gious pref­er­ence, types of de­vices used, pages fol­lowed and re­cent searches and lo­ca­tion check-ins from 14 mil­lion users.

For the other 15 mil­lion users, the breach was re­stricted to name and con­tact de­tails. In ad­di­tion, at­tack­ers could see the posts and lists of friends and groups of about 400,000 users.

Law­mak­ers and in­vestors have grown more con­cerned that Face­book is not do­ing enough to safe­guard data.

Face­book cut the num­ber of af­fected users from its orig­i­nal es­ti­mate af­ter in­ves­ti­ga­tors re­viewed ac­tiv­ity on ac­counts that may have been af­fected. Still, cy­ber se­cu­rity ex­perts warned that at­tack­ers could use stolen in­for­ma­tion in tar­geted phish­ing scams.

“The bot­tom line is that all this data is still out there,” said Corey Mil­li­gan, a se­nior re­searcher with cy­ber se­cu­rity firm Ar­mor Inc.

Face­book Vice-pres­i­dent Guy Rosen told re­porters that the US Fed­eral Bu­reau of In­ves­ti­ga­tion has asked the com­pany to limit de­scrip­tions of the at­tack­ers due to an on­go­ing in­quiry. Rosen re­vealed that while the at­tack­ers’ in­tent has not been de­ter­mined, they did not ap­pear to be mo­ti­vated by the US mid-term Con­gres­sional election on Novem­ber 6.

He said the at­tack af­fected a “broad” spec­trum of users, but de­clined to break down the num­ber af­fected by coun­try.

Face­book said it was con­tin­u­ing to in­ves­ti­gate whether the at­tack­ers took ac­tions be­yond steal­ing data, such as post­ing from ac­counts, but had not found ad­di­tional mis­use.

Hack­ers did not steal per­sonal mes­sages or fi­nan­cial data and did not use their ac­cess to ac­counts to ac­cess users’ ac­counts on other web­sites, Face­book said.

Rosen said the com­pany would “do ev­ery­thing we can to earn users’ trust.” The com­pany pre­vi­ously warned that prof­its would suf­fer be­cause of breachre­lated ex­penses. The vul­ner­a­bil­ity the hack­ers ex­ploited ex­isted from July 2017 through late last month, when Face­book no­ticed an un­usual in­crease in the use of its “view as” fea­ture.

Face­book said it was con­tin­u­ing to in­ves­ti­gate whether the at­tack­ers took ac­tions be­yond steal­ing data, such as post­ing from ac­counts, but had not found ad­di­tional mis­use.

Newspapers in English

Newspapers from Oman

© PressReader. All rights reserved.