FBI has asked Facebook not to discuss who may be behind this attack.
On September 28th, 2018 the social media giant Facebook announced that it suffered a massive data breach in which hackers stole access tokens of millions of accounts after exploiting a critical vulnerability in its “View As” feature. At that time, the estimate was that around 50 million users have been impacted while details regarding data accessed by hackers were unknown.
Now, after conducting an investigation; Facebook has revealed that in total around 30 million users were impacted out of which 14 million victims had their usernames, location, device types, contact details, recent searches, relationship status, date of birth, religion, education, page likes, people they follow, places they checked in and work-related details.
In the case of another 15 million users, hackers accessed names and contact details including email address and phone numbers. In the case of a further 1 million people, hackers could not access any information.
Facebook is cooperating with the FBI (Federal Bureau of Investigation) and for now, the Bureau has urged the company not to share details about who may be involved in this attack.
We’re cooperating with the FBI, which is actively investigating and asked us not to discuss who may be behind this attack, wrote Guy Rosen, VP of Product Management in a blog post on Friday.
For those who are unaware of View As, it is a feature on Facebook which lets users see how their profiles look to others. However, the View as’ feature has been temporarily suspended.
“First, the attackers already controlled a set of accounts, which were connected to Facebook friends. They used an automated technique to move from account to account so they could steal the access tokens of those friends, and for friends of those friends, and so on, totaling about 400,000 people, said Rosen.” “In the process, however, this technique automatically loaded those accounts’ Facebook profiles, mirroring what these 400,000 people would have seen when looking at their own profiles.”
Facebook is sending notifications to affected members however you can Facebook’s help center for more details on the breach.
The latest incident is yet more embarrassment for Facebook after the Cambridge Analytica (CA) incident in which the social media giant provided access to 50 million of its user’s profiles to a UK based data analysis and data mining firm. In the recent case, under the General Data Protection Regulation (GDPR), Facebook could face a fine as big as $1.6bn.
Image credit: Depositphotos