Facebook hack update: data from almost 30 million users was stolen. How to find out if you are one of them


SAN FRANCISCO – Facebook says that 20 million fewer accounts were breached than first estimated in one of the worst security incidents at the giant social network (30 million instead of 50 million), but the attackers made off with sensitive personal information from almost half of those users that could put them at serious risk, including phone numbers and email addresses, recent searches on Facebook, location history and the types of devices used to access the service.

The hackers got their hands on data from 29 million accounts as part of last month's attack, Facebook revealed Friday. Originally, Facebook estimated that 50 million accounts could have been affected, but the company did not know if they had been compromised.

For about half of those whose accounts were broken into, about 14 million people, hackers looted extensive personal information such as the last 10 places where the Facebook user checked in, their current city and their 15 most recent searches. For the other 15 million, hackers had access to name and contact details, according to Facebook. The attackers did not take any information from about 1 million people whose accounts were affected. Facebook says that hackers did not have access to financial information, such as credit card numbers.

The company would not say what the attackers' motive was, but said it had no reason to believe that the attack was connected to the midterm elections in November.

Facebook users can check whether their data was stolen by visiting the company's Service center. Facebook says it will advise affected users on how they can protect themselves from suspicious e-mails and other attempts to exploit the stolen data. Guy Rosen, vice president of product management for Facebook, said the company has seen no evidence of attackers exploiting the stolen data or of the data being published on the dark web.

Affected users should watch for unwanted phone calls, text messages or e-mails from people they do not know, and for attempts to use their e-mail address and phone number to target them with spam or phishing attempts for other information. Facebook users should also be wary of messages or e-mails claiming to be from Facebook, the company said.

Third-party apps and Facebook apps like Instagram and WhatsApp have not been compromised, according to Facebook. Hackers were unable to access private messages, but messages received or exchanged by Facebook page administrators may have been exposed.

Security experts say the 14 million users who had extensive personal information stolen are now extremely vulnerable. Colin Bastable, CEO of Lucy Security, which focuses on cybersecurity prevention and awareness, described a particularly distressing scenario.

"The truth is that as a result of this news, millions of phishing attacks will now be launched, pretending to be sent by Facebook. More than 20% of recipients will click and many of them will be attacked successfully, many of them using work computers and mobile devices," said Bastable. "Companies and governments will lose money, ransomware attacks will result from this loss and the attack will have repercussions for many months."

The culprits behind the huge hack have not been publicly identified. The FBI is actively investigating the hack and has asked Facebook not to reveal any information about potential perpetrators, Rosen said. When they disclosed the breach two weeks ago, Facebook officials said they did not know who was behind the attacks.

The latest revelation, another in a series of security lapses that have shaken public confidence in Facebook, could intensify the political pressure on the company. An investigation is underway by the Irish Data Protection Commission, and Rosen said that Facebook is also cooperating with the Federal Trade Commission and other authorities.

"Today's update by Facebook is significant now that it is confirmed that the personal data of millions of users have been taken by the perpetrators," the Irish Data Protection Commission, the supervisory agency responsible for protecting privacy in the European Union, said in a tweet.

The extent of the personal information compromised by the attackers deals a heavy blow to the public relations campaign Facebook has waged to convince the more than 2 billion people who regularly use the service that it is serious about protecting their personal information, after the records of 87 million users were accessed by the political analytics firm Cambridge Analytica without their consent and Russian agents spread propaganda during and after the 2016 presidential election.

Earlier this week, Google acknowledged that half a million accounts on its social network Google+ could have been compromised by a software bug. The admission has prompted lawmakers to request an FTC investigation. Both incidents could further fuel a Congressional push for a national privacy law to protect US users of technology company services.

"These companies have an infinity of information on Americans: violations do not simply violate our privacy, they create enormous risks for our economy and national security," Federal Trade Commission Commissioner Rohit Chopra told USA TODAY after Facebook revealed the data breach last month. "The cost of inaction is growing and we need answers."

After the accounts were compromised last month, over 90 million users were forced to log out of their accounts as a security measure.

According to Facebook, the attackers exploited a feature of its code that allowed them to take over user accounts. These accounts included those of Facebook CEO Mark Zuckerberg and his second in command, Sheryl Sandberg.

The attack started on September 14. A spike in traffic triggered an internal investigation. More than a week later, on September 25, Facebook identified the vulnerability and resolved it two days later.

The vulnerability was introduced in July 2017 when a feature was added that allows users to upload happy birthday videos.

The attackers exploited a vulnerability in the Facebook code that affected "View as", a feature that allows people to see what their profile looks like to someone else. The feature was created to give users more control over their privacy. Three software bugs in the Facebook code linked to this feature allowed attackers to steal Facebook access tokens that they could then use to take over people's accounts.

These access tokens are like digital keys that keep people logged in to Facebook so they do not have to re-enter their password every time they use Facebook.

Here's how it worked: once the hackers had an access token for an account, call it Jane's, they could then use "View as" to see what another account, such as Tom's, could see on Jane's account. The vulnerability allowed attackers to also get an access token for Tom's account, and the attack spread from there. Facebook has stated that it has disabled the "View as" function as a security precaution.
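As an added illustration (not Facebook's code, which this article does not show), the Python model below reduces the flaw described above to its core: a preview render that mints a credential for the person being viewed as, instead of the person who is logged in. The token format, `RenderContext` and both widget functions are hypothetical names chosen for the example.

```python
import hashlib
import hmac
import secrets

SECRET = secrets.token_bytes(32)  # constructed signing key for this demo only

def mint_token(user_id: str) -> str:
    """Issue a signed bearer token for user_id (toy format: user.mac)."""
    mac = hmac.new(SECRET, user_id.encode(), hashlib.sha256).hexdigest()
    return f"{user_id}.{mac}"

def token_owner(token: str):
    """Return the user a token authenticates as, or None if the MAC is bad."""
    user_id, _, mac = token.rpartition(".")
    good = hmac.new(SECRET, user_id.encode(), hashlib.sha256).hexdigest()
    return user_id if hmac.compare_digest(mac, good) else None

class RenderContext:
    """State for one page render. In a preview, `subject` is the person the
    page is rendered *as*, while `principal` is who actually logged in."""
    def __init__(self, principal, subject=None):
        self.principal = principal
        self.subject = subject or principal

def widget_token_flawed(ctx):
    # Flaw: an embedded widget mints its token for the rendered-as subject,
    # so a preview hands the viewer a working credential for someone else.
    return mint_token(ctx.subject)

def widget_token_hardened(ctx):
    # Fix 1: credentials are only ever minted for the authenticated principal.
    # Fix 2: preview renders are read-only and receive no credential at all.
    if ctx.subject != ctx.principal:
        return None
    return mint_token(ctx.principal)

def demo():
    preview = RenderContext(principal="jane", subject="tom")  # Jane previews as Tom
    leaked = widget_token_flawed(preview)
    safe = widget_token_hardened(preview)
    normal = widget_token_hardened(RenderContext(principal="jane"))
    return token_owner(leaked), safe, token_owner(normal)

if __name__ == "__main__":
    print(demo())
```

In the flawed path, the token that comes back from Jane's preview authenticates as Tom, which is why one stolen token could lead to the next account.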

Last month, Facebook reset the tokens of nearly 50 million accounts that it believed were affected, and as a precaution, it also reset tokens for another 40 million accounts that had used "View as" in the last year. Resetting the tokens logged the affected Facebook users out of the service.

Read or share this story: https://www.usatoday.com/story/tech/2018/10/12/facebook-hack-update-30-million-users-personal-information-stolen/1614394002/
