30 million accounts affected by security breach, says Facebook

Last month, Facebook revealed that a security breach affected tens of millions of accounts at the social network, which boasts more than 2.2 billion monthly users.

Now, according to an official statement by the company, the hackers stole access tokens for 30 million accounts, which allowed them to gain complete access to the profiles. The hackers accessed basic contact information such as name, email address or phone number of over 30 million accounts. Apart from this, hackers also accessed additional information such as gender, religion, location and device information from another 15 million accounts.

“We’re cooperating with the FBI, which is actively investigating and asked us not to discuss who may be behind this attack,” Facebook said in a blog post. It also added that the attack did not include Instagram, Facebook Messenger, WhatsApp, Oculus, WorkPlace, Pages, Payments and third-party apps/advertising.

Hackers took advantage of a "complex interaction" between three software bugs, which required a degree of sophistication. The vulnerability was created by a change to a video uploading feature in July of 2017. It involved a flaw in a "View As" feature that showed Facebook users what their profiles look like to other people at the social network. Using the feature generated digital keys, called "access tokens," which let users stay connected to their accounts without having to enter passwords anew.

Hackers were able to steal copies of the digital keys, giving them the same access and control of accounts as their legitimate owners. On September 16, Facebook noticed a spike in activity that prompted it to investigate. On September 25, Facebook engineers determined hackers had launched a sophisticated attack exploiting the vulnerability. A fix was in place two days later and the stolen tokens were rendered useless. Facebook did not disclose when hackers first took advantage of the flaw, saying the investigation was at an early stage.

Information hackers appeared interested in included names, genders, and home towns, but it was not clear for what purpose, the executives said in a telephone briefing. Facebook said it was still trying to figure out what, if anything, hackers did in violated accounts.

It did not seem at the outset that messages or posts were tampered with, and there was no access to banking or password information, according to the social network. Given that digital keys opened Facebook doors wide to hackers, they would have had the ability to reach into third-party applications linked to social network accounts.

They would have been able to get into linked accounts including Messenger or Instagram, both owned by Facebook, but not into the social network's WhatsApp service. An analysis of logs of third-party applications turned up no sign they were meddled with by the hackers, Facebook said on October 2.

Facebook earlier said that "up to 50 million accounts" were directly affected, meaning hackers swiped digital keys. According to the Data Protection Commission in Ireland, five million or fewer European users were among those affected. An additional 40 million accounts that used the "View As" feature had tokens reset although it didn't appear they were targeted by hackers.
