This file photo taken on May 16, 2018 shows a figurine carrying the logo of social network Facebook in Paris. Facebook on October 11, 2018 said it shut down 251 accounts for breaking rules against spam and coordinated deceit, some of it by ad farms pretending to be forums for political debate. The move came as the leading social network strives to prevent the platform from being used to sow division and spread misinformation ahead of US elections in November.
AFP/Joel Saget
Facebook says hackers accessed data of 29 million users
Glenn Chapman (Agence France-Presse) - October 13, 2018 - 12:30pm

SAN FRANCISCO, United States — Facebook said Friday that hackers accessed personal data of 29 million users in a breach at the world's leading social network disclosed late last month.

The company had originally said up to 50 million accounts were affected in a cyberattack that exploited a trio of software flaws to steal "access tokens" that enable people to automatically log back onto the platform.

"We now know that fewer people were impacted than we originally thought," Facebook vice president of product management Guy Rosen said in an online post.

The hackers -- whose identities are still a mystery -- accessed the names, phone numbers, and email addresses of 15 million users, he said.

For another 14 million people, the attack was potentially more damaging.

Cyberattackers accessed that data plus additional information including gender, religion, hometown, birth date, and places where they had recently "checked in," according to Facebook.

No data was accessed in the accounts of the remaining one million people whose "access tokens" were stolen, according to Rosen.

The attack did not affect Facebook-owned Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts, the company says.

'Vulnerability' in the code

Facebook said engineers discovered a breach on September 25 and had it patched two days later.

That breach allegedly related to a "view as" feature -- described as a privacy tool to let users see how their profiles look to other people. That function has been disabled for the time being as a precaution.

"It's clear that attackers exploited a vulnerability in Facebook's code," said Rosen.

"We've fixed the vulnerability and informed law enforcement."

Facebook reset the 50 million accounts it thought could have been affected, meaning users will need to sign back in using passwords.

The breach was the latest privacy embarrassment for Facebook, which earlier this year acknowledged that tens of millions of users had their personal data hijacked by Cambridge Analytica, a political firm working for Donald Trump in 2016.

"We face constant attacks from people who want to take over accounts or steal information around the world," chief executive Mark Zuckerberg said on his own Facebook page when the breach was disclosed.

"While I'm glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place."

Facebook said it took a precautionary step of resetting "access tokens" for another 40 million accounts which had accessed the "view as" function. Those users will need to log back in to Facebook.
