Facebook revises number of users hit by hackers
Facebook Incorporated said yesterday that attackers stole names and contact details of 29mn users in the mass security breach disclosed by the social media network late last month.
The breach, Facebook’s worst ever, has exacerbated concerns among users, lawmakers and investors that the company is not doing enough to safeguard data, particularly in the wake of the Cambridge Analytica data scandal.
Still, hackers neither accessed personal messages nor financial data and did not use Facebook logins to access other websites, all of which would have been a cause for greater concern.
Facebook originally had said in late September that hackers stole digital login codes to take over nearly 50mn user accounts.
Yesterday the company revealed that stolen data on 14mn users included birth dates, employers, education and lists of friends.
For 15mn users, it was restricted to just name and contact details.
All of those could help a fraudster pose as Facebook, the employer or a friend.
They could then craft a more sophisticated e-mail aimed at tricking users into providing login information on a fake page or into clicking on an attachment that would infect their computers.
“We’re co-operating with the Federal Bureau of Investigation (FBI), which is actively investigating and asked us not to discuss who may be behind this attack,” Facebook said on a blog post.
The social network in late September did not confirm if information had actually been stolen.
“There’s not much more that Facebook can do,” said Michael Pachter, an analyst with Wedbush Securities. “The stolen data is likely to be used by the hackers, so this problem is likely to persist for quite some time.”
Facebook’s latest vulnerability has existed since July 2017, but the company first identified it in mid-September after spotting a fairly large increase in use of its “view as” feature.
It determined that it was an attack on September 25.
“Within two days, we closed the vulnerability, stopped the attack and secured people’s accounts by restoring the access tokens for people who were potentially exposed,” Facebook said.
The “view as” feature allows users to check their privacy settings by giving them a glimpse of what their profile looks like to others.