Hackers exploited a security flaw in the social network and gained access to sensitive information from approximately 30 million Facebook users. Today, on 12th October, Facebook confirmed that a malicious attack took place between 14th and 27th September. The company made a public announcement providing an update on the type of data stolen and the scope of the attack.
The company first discovered the incident on September 25. An abnormal spike in activity was detected earlier, on September 14. The vulnerability, however, was identified only 11 days later. Hackers reportedly used a flaw in Facebook’s “view as” feature. The “complex interaction” of the flaw and two other bugs in the system caused the vulnerability that let attackers steal access tokens for 30 million accounts. The number of affected users is lower than a previous estimate of 50 million. The network uses access tokens as a kind of digital key, which allows user information to be requested from the server without the password having to be typed in.
Besides the name and contact information (email or phone number), 14 million users also had additional account data accessed. The additional information includes date of birth, gender, types of devices used to log in, the 15 most recent searches on Facebook, subscriptions on the network, the 10 most recent locations checked into and other specific information. Crucially, Facebook claims no account passwords or payment card details were stolen. Furthermore, no data was obtained from third-party apps linked to accounts. Users of Facebook products like Instagram, Messenger and WhatsApp were not affected by the attack either.
The company pledges to notify all users through the Help Center in the coming days. The Toshi Times reporter’s account was fortunate enough to be among those impacted by the security breach. The corresponding notice confirms that the attack took place and lists the categories of data stolen by hackers. The message from the company contains no recommendations on active measures users can take to protect themselves.
Facebook’s latest disclosure comes at a time of increased public attention to privacy and security on the network. The company was at the center of controversy in the United States and beyond after two newspapers covered a data breach exploited by the research firm Cambridge Analytica. The data analytics firm worked with Donald Trump’s election team and the winning Brexit campaign. The data harvested from Facebook was allegedly used to predict and influence choices at the ballot box.
The increased scrutiny of the social network raises doubts about the integrity of users’ data. In solving its security issues, the company may turn to a blockchain solution, which is considered more resistant to data manipulation. A decentralised system has no central point of control, which makes it more resilient to malicious attacks. The company launched a new Blockchain Team this year to explore possible applications of blockchain technology across Facebook.