Write For Us

Facebook says fewer users were affected by a data breach — but more information was taken


© Josh Edelson/AFP/Getty Images   A car passes by Facebook's corporate headquarters location in Menlo Park, California, on March 21, 2018.

By Brian Fung, The Washington Post

An online attack that forced Facebook to log out 90 million users last month directly affected 29 million people on the social network, the company said Friday as it released new details about the scope of an incident that has regulators and law enforcement on high alert.

Through a series of interrelated bugs in Facebook’s programming, unnamed attackers stole the names and contact information of 15 million users, Facebook said. The contact information included a mix of phone numbers and email addresses.

An additional 14 million users were affected more deeply, having additional details taken related to their profiles, such as their recent search history, gender, educational background, geolocation data, birth dates, and lists of people and pages they follow.

Facebook said last month that it detected the attack when it noticed an uptick in user activity. An investigation soon found that the activity was linked to the theft of security codes that, under normal circumstances, allow Facebook users to navigate away from the site while remaining logged in.

The bugs that allowed the attack to occur gave hackers the ability to effectively take over Facebook accounts on a widespread basis, Facebook said when it disclosed the breach. The attackers began with a relatively small number of accounts that they directly controlled, exploiting flaws in the platform’s “View As” feature to gain access to other users' profiles. (The “View As” feature is designed to allow users to view their own profiles as though they are somebody else.)

Facebook said it is cooperating with federal and other authorities on its investigation but said the FBI had advised the company not to discuss who may be behind the attack.

The 29 million affected users, along with 1 million whose security tokens were taken but did not appear to have their data stolen, will be receiving customized messages from Facebook identifying specifically which types of information on their profiles, if any, were involved in the breach. Facebook executives told reporters Friday that the company will also try to reach affected users who have since deleted their Facebook profiles.

Facebook has also established a Web page that will inform users who are logged in whether their accounts were affected.

What may have motivated the attackers is still unclear; despite mounting concerns about election security as U.S. officials count down to a highly contested midterm election, Facebook said there was no indication the hack was specifically related to the U.S. electoral process.

“We don’t have a specific indication as to the intention of the hackers,” said Guy Rosen, Facebook’s vice president of product management.

Although the hackers could have used the flaw to steal information belonging to other, third-party apps that use Facebook as a login method, Facebook said Friday that no outside apps appear to have been affected. Neither Instagram nor WhatsApp appears to have been compromised, the company added. Facebook Messenger was also unaffected.

User messages could have been exposed in one specific use case, officials said. If an affected user had been the administrator of a Facebook page, and the page had received a message from another user, that message may have been compromised, Facebook said.

Facebook’s disclosure puts the company under even greater pressure as policymakers have taken the company to task over its approach to user privacy and data.

“The update from Facebook today is significant now that Facebook has confirmed that the personal data of millions of users was taken by the perpetrators of the attack," said Ireland’s Data Protection Commission — the watchdog agency charged with monitoring compliance with the European Union’s new data privacy law. It said it was continuing an investigation into the breach.

The Federal Trade Commission — which Facebook said it is cooperating with — didn’t immediately respond to a request for comment.

The spotlight on tech companies intensified further this week as Google said that half a million accounts on its Google+ social networking service could have had information leaked as a result of a software bug. The admission prompted lawmakers to demand answers from the company and call for an FTC investigation.

The incidents could add momentum to a congressional push for a comprehensive U.S. privacy law covering tech companies, Internet providers and others in the online ecosystem.


Note: If you think this story need more information or correction, feel free to comment below your opinion and reaction.
Like & Follow to Stay Updated ...


AI,3,Amazon,1,Apple,5,Emoji,1,Facebook,17,Games,35,Google,7,Instagram,6,Science,205,Security,4,Social Media,24,Tech,242,Technology,1396,Tesla,5,Twitter,4,
Technology - U.S. Daily News: Facebook says fewer users were affected by a data breach — but more information was taken
Facebook says fewer users were affected by a data breach — but more information was taken
Technology - U.S. Daily News
Loaded All Posts Not found any posts VIEW ALL Read More Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy