Arthur J. Villasanta – Fourth Estate Contributor
Menlo Park, CA, United States (4E) – Facebook says 30 million users, and not 50 million as it initially revealed, were compromised by a recent security breach.
It admitted that 400,000 users had their accounts nearly fully accessed while another 14 million had broad categories of personal data stolen. Initially, Facebook said it wan’t clear whether any information had been stolen.
In late September, Facebook detected unusual activity in the compromised accounts and discovered the flaws that allowed the hackers entry. These bugs were later disabled.
More disturbingly, Facebook has confirmed hackers accessed personal details in most of those cases. Facebook hasn’t revealed a suspect or a motive at the FBI’s request. The bureau is actively investigating the hack attack.
Fifteen million of users had their names and contact details accessed. These details could have included their email addresses or phone numbers. Hackers also gained access to the accounts of about one million users, but did not steal any data, claimed Facebook.
In the more serious breach, 14 million people had a lot of their data stolen. The stolen data included their gender, religion, relationship status, birthday, current city and hometown, device types, education and work history.
Hackers also saw those users’ last 15 searches, and the last 10 locations they either checked into or were tagged by someone else.
The 400,000 users whose accounts were first hacked were the most seriously compromised. Hackers read their posts; their friend lists; their group memberships and the names of recent message conversations.
Facebook pointed out no passwords were compromised, but hackers were able to gain “access tokens” that let them use accounts as though they were logged in as another person.
It said the attacks took place from Sept. 14 to 27. The hackers moved controlled one account at first. From here, they accessed that account’s friends to initially steal access tokens for 400,000, and 30 million more accounts before they were detected.
“We have no reason to believe the attackers were interested in that information” from those 400,000 users, claims Guy Rosen, Facebook vice president of product management. “They were (doing) that in order to get the access tokens for those people’s friends.”
The company also said the hackers could hypothetically have been able to view the last four characters of users’ credit card numbers, but there is no evidence they sought out that information.
Article – All Rights Reserved.
Provided by FeedSyndicate