Face­book re­vises hack to­tal

Com­pany says nearly 30 mil­lion users were af­fected, down from nearly 50 mil­lion.

Los Angeles Times - - BUSINESS BEAT - By Jo­hana Bhuiyan jo­hana.bhuiyan @la­times.com

The hack­ers who ex­ploited a Face­book vul­ner­a­bil­ity last month ac­cessed the per­sonal in­for­ma­tion of nearly 30 mil­lion users, the so­cial me­dia giant re­vealed Fri­day.

On about 29 mil­lion of the af­fected accounts, hack­ers ac­cessed contact in­for­ma­tion, such as phone num­bers and email ad­dresses, Face­book Inc. said, and a slew of other per­sonal de­tails were ex­posed on about half of those accounts.

But the breach was not as big as Face­book ini­tially thought. Two weeks ago, when it no­ti­fied the pub­lic of the at­tack, the Menlo Park, Calif., com­pany said nearly 50 mil­lion accounts had been af­fected be­fore it could find and patch the vul­ner­a­bil­ity.

The com­pany also said Fri­day that it saw no ev­i­dence that the hack­ers used Face­book lo­gins to ac­cess af­fected users’ accounts on third-party sites or apps.

On 14 mil­lion of the af­fected accounts, the hack­ers ac­cessed de­tails in­clud­ing but not lim­ited to user name, gen­der, lan­guage, re­la­tion­ship sta­tus, re­li­gion, birth­day and de­vice used to log on to the so­cial net­work, Face­book said Fri­day.

Then there were about 400,000 users who were even more deeply af­fected. Us­ing a bug in the “View As” fea­ture — which en­ables a user to view his or her own pro­file the way some­one else sees it — the hack­ers could see those 400,000 users’ en­tire pro­files, Face­book said.

It said the hack­ers had ac­cess to those users’ friend lists, posts on their time­lines, groups each user had joined and the ti­tles of re­cent con­ver­sa­tions the users had held on Face­book Mes­sen­ger. The con­tent of those mes­sages was not vis­i­ble, ex­cept in lim­ited cases for users who were page ad­min­is­tra­tors, the com­pany said.

The FBI is work­ing to de­ter­mine who the hack­ers are and what they in­tend to do with the in­for­ma­tion they stole, Face­book said.

The com­pany said it was co­op­er­at­ing with the FBI in­ves­ti­ga­tion and could not dis­cuss the hack­ers’ iden­ti­ties or in­ten­tions. Face­book’s vice pres­i­dent of prod­uct man­age­ment, Guy Rosen, said the com­pany had “no rea­son to be­lieve that this spe­cific at­tack was re­lated to the midterms” be­cause the hack­ers tar­geted a broad base of users. The com­pany de­clined to pro­vide any fur­ther ev­i­dence.

“We have a lot of teams fo­cused on ac­tiv­i­ties ahead of the midterm elec­tions,” Rosen told re­porters Fri­day.

Ex­perts warn that the breach may open users up to phish­ing and other scams off the Face­book plat­form.

“When you do phish­ing, you can do it by email, by phone calls, or you can do it by tex­ting,” said Re­becca Herold, the founder and pres­i­dent of pri­vacy and se­cu­rity man­age­ment con­sult­ing firm Sim­bus360. “By hav­ing ac­cess to a lot of ad­di­tional in­for­ma­tion about a per­son such as know­ing who they com­mu­ni­cate with, it would be very easy to spoof that per­son’s friend and ask for in­for­ma­tion.”

Herold also said scam­mers may be able to use the per­sonal in­for­ma­tion ac­cessed, such as a per­son’s alma mater or maiden name, to guess that per­son’s pass­words or the an­swers to their se­cu­rity ques­tions when at­tempt­ing to log into their other on­line accounts.

She said scam­mers could also com­bine the kind of per­sonal in­for­ma­tion gleaned from Face­book with in­for­ma­tion that’s pub­licly avail­able and use the de­tails to pull other kinds of cons.

Face­book said it will send cus­tom­ized mes­sages to the 30 mil­lion af­fected users to ex­plain what in­for­ma­tion the hack­ers ac­cessed.

Mark Boster Los An­ge­les Times

THIS SIGN from 2012, erected in front of Face­book’s Menlo Park, Calif., cam­pus, would be ap­pro­pri­ate in 2018 af­ter the so­cial me­dia giant said it was hacked.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.