Facebook Says Fewer Users Impacted by Recent Cyberattack than First Thought

Ivan Schwartz
October 14, 2018

In a conference call today, Facebook's Guy Rosen said that the company was working with the Federal Bureau of Investigation, but had been advised not to comment on who the perpetrators might be. As if the company wasn't already having a tough time regaining the trust of its user base, Facebook's now announced that information for around 30 million people was exposed during an attack it shut down in September.

In its update, Facebook said that the company was cooperating with the American law-enforcement agency and that 30 million people were affected, down from its original estimate of 50 million.

Rosen also specified that this breach only affected Facebook, and not Instagram, WhatsApp, or any other apps. The attackers then used the list of friends they collected to "eventually steal access tokens for about 30 million people".

According to Facebook VP of Product Management Guy Rosen, attackers were able to access name and contact information for half of the hacked accounts. "Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen," the company said. It also did not affect payments, advertising or third-party apps as had previously been reported by some outlets.

The social media giant has said the attackers gained the ability to "seize control" of those user accounts by stealing digital keys the company uses to keep users logged in.

Those tokens, which were stolen by taking advantage of three software bugs relating to the platform's "View As" profile feature, essentially allow an attacker to hijack the Facebook profiles of affected individuals. Some of that data, including phone numbers, email addresses, birth dates, searches, location check-ins, and the types of devices used to access the site, came from private accounts or was supposed to be restricted only to friends.

The automated process the hackers used to target their Facebook friends would load their profiles through the "View As" tool, which let people see how their profiles looked to others.


But what should you do if your account has been affected?

The vulnerability had existed in Facebook's code since July of 2017, and resulted in "an unusual spike of activity" on September 14 of this year.

On that page, following some preliminary information about the investigation, the question "Is my Facebook account impacted by this security issue?" appears midway down. At the time, Facebook invalidated the access tokens for nearly 90 million accounts as a precaution, and notified users who were logged out why that had happened. The hackers had been active for 11 days before Facebook staff noticed something was wrong. The news quickly made headlines around the world, causing many to worry about their own accounts.

You will see a box that will say whether attackers took your data, what they took, and more information as to how to proceed.

This, as it sounds, is very bad.

It will also provide guidance on how to spot and deal with suspicious emails or texts.
