Recently, Facebook came under scrutiny when it disclosed a security breach in which the data of millions of users was exposed. It said that hackers accessed a wide range of information including emails, phone numbers, sites visited and places checked into. Data from 29 million accounts was stolen. Originally, Facebook said that 50 million accounts were affected but was unaware of how much information had been misused.
Facebook said on Friday that there is no evidence that the breach is related to the midterm elections.
On Friday, Facebook announced that hackers accessed names, email addresses and phone numbers from the hacked accounts. For 14 million users, hackers got much more data, which included hometown, birthdate, the last 10 places the users checked into or the 15 most recent searches. In addition to this, 1 million more accounts were affected, but hackers didn’t get any information from these accounts.
Facebook is not ready to provide a breakdown of the location of users whose accounts were hacked, but said that the breach was “fairly broad.”
The company also said that it plans to send messages to users whose accounts were hacked. It said that third-party applications which used a Facebook login, and Facebook applications such as WhatsApp and Instagram, were unaffected by the breach. It added that the FBI is investigating, but has asked the company to refrain from discussing who is behind the attack. It also said that it has kept a close eye on small-scale attacks which used the same vulnerability as the current one.
The social media giant said that the attackers gained the ability to “seize control” of those user accounts by accessing the digital keys that the company uses to keep these users logged in. This was done by exploiting three distinct bugs in Facebook’s code.
The hackers started with a set of accounts they controlled and used an automated program to access the digital keys of accounts which were “friends” with the accounts that had already been hacked. This then expanded to “friends of friends”, giving access to more than 400,000 accounts and eventually rising to reach 30 million accounts. No evidence of the hackers posting anything from hacked accounts has been found. Also, no evidence of private messages being viewed has been found.
Facebook said that the bugs in the code have been fixed and hacked accounts have been logged out in order to reset the digital keys.
Facebook Vice President Guy Rosen said: “We hadn’t ruled out the possibility of smaller-scale efforts to exploit the same vulnerability which the hackers used before it was disabled.”
Facebook has a website where its 2 billion global users can check whether their accounts were hacked and, if so, what exactly was stolen. It also provides guidelines on how to deal with suspicious emails or texts.
In addition to this, Facebook also plans to send direct messages to people who were affected by the hack.
The founder of Moor Insights & Strategy, Patrick Moorhead, said: “The breach appears similar to the identity theft breaches that occurred at companies in the past, which include Yahoo and Target in 2013. The personal details could be very easily used for identity theft to sign up for credit cards, get a loan, get your banking password, etc. Facebook should provide all those customers free credit monitoring to make sure the damage is minimized.”
Thomas Rid, a professor at Johns Hopkins University, said: “The evidence and, most importantly, the size of the breach, looks like a criminal motive point rather than a sophisticated state operation, which usually targets fewer people. This doesn’t sound targeted at all. Usually, while looking at a sophisticated government operation, a couple of thousand people hacked is a large amount, but the targets are very clear to the hackers.”