Facebook says recent data breach wasn't 'related to the midterms'

Roman Schwartz
October 13, 2018

Facebook said Friday that hackers accessed personal data of 29 million users in a breach at the world's leading social network disclosed late last month.

The 29 million affected users, along with 1 million whose security tokens were taken but did not appear to have their data stolen, will be receiving customized messages from Facebook identifying specifically which types of information on their profiles, if any, were involved in the breach.

On Friday Facebook said hackers accessed names, email addresses or phone numbers from these accounts.

He said the FBI has asked the company " not to discuss who may be behind this attack" or to share other details that could compromise its investigation. Originally Facebook said 50 million accounts could have been affected, but Facebook didn't know if they had been misused.

Facebook now says nearly 30 million users were affected by a giant hack, but that the Federal Bureau of Investigation has asked it not to reveal the identity of the suspected culprit.

Facebook has been quick to let users check exactly what was accessed.

Beginning with a set of accounts controlled by the attackers, the exploit jumped from friends of those users to friends of friends, ballooning to the eventual total of 30 million accounts via an automated script.

The hack impacted 50 million accounts on the service. Facebook discovered the attack September 25.

Selena Gomez Reportedly Enters Mental Health Treatment Facility
On Wednesday night, the Baby singer looked despondent, as he made his as way to pray at Hillsong Church in Beverly Hills. Meanwhile, Hollywood Life noted that Selena had previously confessed that she had had a couple of weird months lately.

The vulnerability had existed in Facebook's code since July of 2017, and resulted in "an unusual spike of activity" September 14 of this year.

The attackers, Rosen said, would not have been able to access any message contents, unless the victim happened to be a Facebook Page admin whose Page had received a message from a Facebook user.

However, there is some good news: Facebook found no theft of highly personal messages or financial data, and saw no use of Facebook logins to access other websites, all of which would have been cause for greater concern.

Through a series of interrelated bugs in Facebook's programming, unnamed attackers stole the names and contact information of 15 million users, Facebook said.

Thomas Rid, a professor at the Johns Hopkins University, also said the evidence, particularly the size of the breach, seems to point to a criminal motive rather than a sophisticated state operation, which usually targets fewer people. Facebook says the problem has been fixed. The hack started with 400,000 profiles, then used the "Friends" and "Friends of Friends" features to get the "digital keys" for 30 million people, Rosen wrote. Another one million users had their accounts accessed but no information stolen.

The company said that it may still not know the full extent of the attack and wasn't ruling out the possibility of other "smaller-scale attacks" linked to the breach.

Rosen also said Facebook did not find any evidence suggesting the tokens were used with the Facebook Login feature either, which would have allowed the attacker to log into third-party apps via Facebook tokens.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER