Published: Mon, October 15, 2018
Money | By Arnold Ball

Facebook downgrades breach count from 50 million to 30 million users

Rosen reiterates that people's accounts "have already been secured" by what Facebook did two weeks back when they prompted millions of users to reset the access tokens. The attackers didn't take any information from about 1 million people whose accounts were vulnerable.

But for about half of those whose accounts were broken into (about 14 million people), the hackers accessed intimate information, such as the last 10 places that person checked into, their current city and their 15 most-recent searches, the company said Friday.

"We now know that fewer people were impacted than we originally thought", Facebook vice president of product management Guy Rosen said in an online post.

Facebook says that while they believed 50 million accounts had their access tokens exposed to the breach, only 30 million people "actually had their tokens stolen".

It said the vulnerability, which was the result of a complex interaction of three distinct software bugs, had existed in Facebook code between July 2017 and September 2018.

That feature allows users to check privacy settings by glimpsing what their profile looks like to others. "This allowed them to steal Facebook access tokens, which they could then use to take over people's accounts", it added.

Facebook is disclosing for the first time that hackers accessed data from 29 million accounts as part of the breach.

Whodunnit? The social network says the Federal Bureau of Investigation has asked it not to comment on who may have been responsible for the attack while the Feds investigate. The hackers used the access tokens from Sep. A change of user password would also appear to be the need of the hour, although Facebook does not categorically say that users need to do that. They then used the same vulnerability over and over again until they gathered tokens for around 400,000 accounts, which Rosen referred to as "seed accounts".

Last month, Facebook reset the tokens of almost 50 million accounts that it believed were affected and, as a precaution, also reset the tokens for another 40 million accounts that had used "View As" in the past year.

On September 14, Facebook engineers had detected some unusual activity on the social media platform's networks.

Once they had the tokens for the seed accounts, Rosen said the attackers used the tokens to access the 400,000 accounts and deployed scripts to harvest even more tokens at a larger and automated scale. Facebook also provided a list of the kind of data that was stolen/used by hackers during the breach.

All Facebook users compromised in the breach will be notified in the coming days, Facebook promised.

At the time, Chief Executive Officer Mark Zuckerberg, whose own account was compromised, said attackers would have had the ability to view private messages or post on someone's account, but there's no sign that they did. Facebook has sent customized messages that people will see depending on how they were impacted.

Facebook said third-party apps that use a Facebook login and Facebook apps like WhatsApp and Instagram were unaffected by the breach.
