Breaking News

Sony Unveils Sony FE 100mm F2.8 Macro GM OSS Creative Launches Aurvana Ace 3 GIGABYTE Announces Availability of 27” QHD 280Hz WOLED Gaming Monitor MO27Q28G with 4-Sided Borderless Design Crucial ® LPCAMM2 Powers AI-Ready Laptops With Breakthrough 8,533MT/s Speeds Logitech announces MX Master 4

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Hackers Stole Phone Number and Email Details of 29 Million Facebook Users

Hackers Stole Phone Number and Email Details of 29 Million Facebook Users

Enterprise & IT Oct 12,2018 0

Facebook on Friday provided more details about the recently disclosed security breach, saying that the attackers stole names and contact details of 29 million users.

Facebook said that the attackers exploited a vulnerability in Facebook's code that existed between July 2017 and September 2018. The vulnerability was the result of a complex interaction of three distinct software bugs and it impacted "View As," a feature that lets people see what their own profile looks like to someone else. It allowed attackers to steal Facebook access tokens, which they could then use to take over people's accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don't need to re-enter their password every time they use the app.

On September 25, Facebook identified the attack and the vulnerability. Within two days, the company says it closed the vulnerability, stopped the attack, and secured people's accounts by resetting the access tokens for people who were potentially exposed. As a precaution, the company also turned off "View As."

Facebook said that about 30 million users had their tokens stolen.

First, the attackers already controlled a set of accounts, which were connected to Facebook friends. They used an automated technique to move from account to account so they could steal the access tokens of those friends, and for friends of those friends, and so on, totaling about 400,000 people. In the process, however, this technique automatically loaded those accounts' Facebook profiles, mirroring what these 400,000 people would have seen when looking at their own profiles. That includes posts on their timelines, their lists of friends, Groups they are members of, and the names of recent Messenger conversations. Message content was not available to the attackers, with one exception. If a person in this group was a Page admin whose Page had received a message from someone on Facebook, the content of that message was available to the attackers.

Facebook said that the attackers used a portion of these 400,000 people's lists of friends to steal access tokens for about 30 million people. For 15 million people, attackers accessed two sets of information - name and contact details (phone number, email, or both, depending on what people had on their profiles). For 14 million people, the attackers accessed the same two sets of information, as well as other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches. For 1 million people, the attackers did not access any information.

You can check whether they were affected by visiting Facebook's Help Center. In the coming days, the company will send customized messages to the 30 million people affected to explain what information the attackers might have accessed, as well as steps they can take to help protect themselves, including from suspicious emails, text messages, or calls.

Facebook said on a conference call that Facebook will not provide country-by-country breakdowns of the affected users.

"We're cooperating with the FBI, which is actively investigating and asked us not to discuss who may be behind this attack," Facebook said on a blog post.

Facebook did not rule out the possibility of smaller-scale attacks and said it would continue to investigate.

Tags: facebookHacking
Previous Post
Samsung Mobile CEO Confirms New Foldable Phone will Also be a Tablet
Next Post
TSMC Said to be the Sole Maker of the 7nm Apple A13 Chips

Related Posts

  • MSI has been hacked, be warned about where you download files

  • Hackers gain access to PS5 Debug Menu and show decrypted PS5 firmware files

  • HP Threat Research Shows Attackers Exploiting Zero‐Day Vulnerability Before Enterprises Can Patch

  • EA Gets hacked - 780GB of data and sourcecode stolen

  • EU Privacy Watchdog Accused of Delaying Probe Procedures Against Facebook

  • Zuckerberg Says Remote Work is Here to Stay

  • Facebook to Launch New Shopping Feature Across Apps

  • EU Tech Chief Demands More From Facebook Regarding Business Practices

Latest News

Sony Unveils Sony FE 100mm F2.8 Macro GM OSS
Cameras

Sony Unveils Sony FE 100mm F2.8 Macro GM OSS

Creative Launches Aurvana Ace 3
Consumer Electronics

Creative Launches Aurvana Ace 3

GIGABYTE Announces Availability of 27” QHD 280Hz WOLED Gaming Monitor MO27Q28G with 4-Sided Borderless Design
Gaming

GIGABYTE Announces Availability of 27” QHD 280Hz WOLED Gaming Monitor MO27Q28G with 4-Sided Borderless Design

Crucial ® LPCAMM2 Powers AI-Ready Laptops With Breakthrough 8,533MT/s Speeds
Enterprise & IT

Crucial ® LPCAMM2 Powers AI-Ready Laptops With Breakthrough 8,533MT/s Speeds

Logitech announces MX Master 4
Enterprise & IT

Logitech announces MX Master 4

Popular Reviews

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

Terramaster F8-SSD

Terramaster F8-SSD

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

be quiet! Pure Base 501

be quiet! Pure Base 501

Soundpeats Pop Clip

Soundpeats Pop Clip

Akaso 360 Action camera

Akaso 360 Action camera

Dragon Touch Digital Calendar

Dragon Touch Digital Calendar

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed