Facebook says attackers stole details from 29 million users


Social media giant Facebook on Friday said hackers stole personal details of 29 million people last month.

For 14 million people, the attackers accessed the same two sets of information, as well as other details people had on their profiles, including username, gender, locale/language, relationship status, religion, hometown, current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into, etc. The attackers didn't take any information from about 1 million people whose accounts were vulnerable.

The attackers initially had access to a limited number of accounts, and it's not clear whether these were bogus to begin with, but they were connected to other "friends" on the site.

Originally Facebook said 50 million accounts could have been affected, but they did not know if they had been misused.

Facebook has said the attackers gained the ability to "seize control" of those user accounts by stealing digital keys the company uses to keep users logged in.

That feature allows users to check privacy settings by glimpsing what their profile looks like to others.

The social networking service Facebook plans to send messages to people whose accounts have been hacked. Facebook is writing to the affected users to inform them about the breach of their private information. The company said it will continue to investigate "other ways the people behind this attack used Facebook". In short, it allowed hackers to generate tokens that allow access to user profiles.

The breach was the latest privacy embarrassment for Facebook, which earlier this year acknowledged that tens of millions of users had their personal data hijacked by Cambridge Analytica, a political firm working for Donald Trump in 2016. Ultimately this got them access to about 400,000 people.

Here's how it worked: Once the attackers had access to a token for one account, call it Jane's, they could then use "View As" to see what another account, say Tom's, could see about Jane's account.

These details were exposed sometime between September 14 and September 25 this year, when the company first discovered the security breach due to a sudden uptick in activity. When it first reported the breach September 28, Facebook said the number of those affected was about 50 million.

The network also said Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, as well as advertising or developer accounts were not affected. In additional good news, the company said hackers weren't able to access more sensitive information like your password or financial information. Those users will need to log back in to Facebook.

If your account was hacked, you will see a message similar to the one shown below, which comes from a New York Times reporter's account that was compromised.

While only a smaller portion of the affected users were EU nationals, the fact that European authorities have already become involved in the matter is another cause for concern on Facebook's part. The recently enacted General Data Protection Regulation provides regulators on the Old Continent with a clear-cut road to litigation should they determine Facebook failed to provide its users with a basic level of protection.
