Late last month, Facebook disclosed a massive security vulnerability that it claimed affected some 50 million login tokens, but details were pretty thin on its impact pending further investigation. In a blog post today, the results are in some ways better and worse.
The company believes its initial estimate of 50 million compromised login tokens — it reset 90 million in total as a cautionary measure — was generous, and Facebook now believes the number of accounts affected to be closer to 30 million. That’s the good news, if you could call it that.
For 400,000 of the accounts, which these attackers used to seed the process of gathering login tokens, personal information, such as “posts on their timeline, their lists of friends, Groups they are members of, and the names of recent Messenger conversations” and, in one instance, actual message content, were compromised. Of the 30 million ensnared in the attempt, Facebook believes that for around half, name and contact information — meaning phone numbers, email addresses, or both — were visible to the attackers; 14 million of that pool had that same information scraped as well as myriad other personal details, which Facebook believes could include any of the following:

[U]sername, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches
Facebook believes only 1 million of the total compromised accounts had no personal information accessed whatsoever.
Starting with a set of accounts controlled by the attackers, the effort jumped from friends of those users to friends of friends, ballooning to the eventual total of 30 million accounts via an automated script. Facebook reaffirmed that third-party apps were not accessed using the stolen tokens, and that the vulnerability did not affect other services the company owns, like WhatsApp or Instagram.

The vulnerability had existed in Facebook’s code since July of 2017, and resulted in “an unusual spike of activity” September 14 of this year. It would be almost two weeks before the activity was determined to be a legitimate attack, and to have the exploit patched. Facebook is working alongside the FBI, and according to remarks by Vice President of Product Management Guy Rosen this afternoon, the agency’s investigation seems to be ongoing. When asked if any patterns exist among the victims or who might have been behind the attack, Facebook cited an FBI request not to disclose such information. Rosen did state the company does not believe the attack was directly related to the coming U.S. midterm elections.
According to Rosen, a tool in Facebook’s help center will now show users if they were affected and what information may have been exposed. Users will also see a “customized message” in the coming days to assist in precautionary measures.