Facebook Says Hackers Accessed Sensitive Personal Information On 29 Million Users

Facebook

Facebook

On a conference call with reporters, Vice President of Product Management Guy Rosen said that at the request of the Federal Bureau of Investigation, which is investigating the hack, Facebook isn't providing any information about who the attackers are or their motivations or intentions.

That suggests Facebook may know or suspect who's behind the breach. Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen.

"For 15 million people, attackers accessed two sets of information - name and contact details (phone number, email, or both, depending on what people had on their profiles)", Mr Rosen wrote.

Attackers did not access any information for the remaining one million users.

The good news is this attack was just restricted to Facebook and didn't affect any other services including Instagram, WhatsApp, Messager Kids, etc.

A couple of weeks ago, Facebook disclosed an unprecedented data breach at the company.

The attackers took profile details such as birth dates, employers, education history, religious preference, types of devices used, pages followed and recent searches and location check-ins from 14 million users.

It was done automatically, Facebook's vice president of product management, Guy Rosen, said in a press call Friday, until the hackers amassed 400,000 accounts within their own network. However, hackers apparently did not have access to any third-party app data. US federal investigators and the Securities and Exchange Commission are also investigating the social media giant's response to revelations that political consultancy Cambridge Analytica improperly collected information from millions of Facebook accounts.

More news: Harrington In Line For Ryder Cup Captaincy As Westwood Withdraws
More news: Lagarde defends rate hikes after Trump's Fed attack
More news: Facebook's 3D photos are ready for your news feed

The breach forced users to log back into their accounts.

The hackers began by using a series of seed accounts and attacking the accounts of friends, then friends of friends, and so on down the line, eventually amassing a group of 400,000 compromised accounts.

Facebook says it noticed "an unusual spike of activity" on September 14, and on September 25, determined that it was being attacked. Facebook Messenger was also unaffected.

The attack prompted Facebook to take the unprecedented step of logging out the 50 million users whose accounts were exposed and logged out another 40 million users as a precautionary measure.

Company officials declined to say what countries the hackers had targeted, but described the security breach as a "broad" attack.

For 1 million, attackers only collected access tokens.

Facebook's lead European Union data regulator, the Irish Data Protection Commissioner, last week opened an investigation into the breach.

Earlier this year, Facebook came under fire for sharing heaps of data for over 87 million users with Cambridge Analytica.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.