Social media giant Facebook has revealed that a hack in September affected 30 million accounts and allowed attackers to harvest millions of phone numbers, email addresses, and personal information.
The company had initially said 50m accounts were affected but has now revised the figure to ‘only’ 30 million.
According to Facebook VP of Product Management Guy Rosen, out of 30 million affected users, 14 million had their names, contact information and sensitive information, such as their gender, relationship status, and recent place check-ins, exposed to the attackers.
Another 15 million users had their names and contact information breached, and 1 million users solely had their access tokens stolen; Facebook has reset the access tokens for all of those users.
However, the company said that the attackers did not access any credit card information associated with members’ accounts, and that it has not received any reports of stolen information being available on the dark web.
Moreover, the social networking website also revealed that no evidence was found that attackers used the stolen tokens to access any third-party apps, including those that use Facebook’s single-sign-in to log in. The breach also did not impact users on other Facebook properties such as Messenger, Instagram, WhatsApp, or Oculus.


The company said the breach is under investigation by the FBI, which asked Facebook “not to discuss who may be behind this attack.”
Customized messages that people will see depending on how they were impacted
The company also plans to notify the 30 million people affected to explain what information the attackers might have accessed, as well as steps they can take to help protect themselves, including from suspicious emails, text messages, or calls in the coming days.
In September, Facebook had apologized for a “security issue,” after discovering that hackers used a vulnerability in the platform’s code to steal other users’ ‘access tokens’ and log into their accounts. 50 million accounts were affected.
The company said that attackers could use Facebook’s “View As” tool – which lets a user see what their profile looks like to other users – to steal other users’ access tokens, the digital keys that allow a user to stay logged into the social network without re-entering their password every time.
Attackers took advantage of a feature in the code, called ‘Access Tokens,’ to take over people’s accounts.

Facebook’s recent breach compromises 30m accounts’ personal data



