CLOSE

Facebook has announced that they have closed 559 Facebook pages and 251 accounts just before the midterm elections. Veuers Natasha Abellard has the story.
Buzz60

SAN FRANCISCO – Facebook says that in one of the worst security incidents in the huge social Network – 30 million instead of 50 million – 20 million accounts were less violated than previously thought, but attackers with sensitive personal information from nearly half of the users who could seriously endanger them, including phone number and email address, recent searches on Facebook , Location History and the type of devices people used to access the service

Hackers received data from 29 million accounts in the last month's attack, Facebook said Friday. Facebook originally estimated that 50 million accounts could be affected, but the company did not know if they had been compromised.

About half of those whose accounts were disbanded – some 14 million people – plundered hackers with extensive personal information such as the last 10 places Facebook users checked in, their current city, and their 15 recent searches. For the other 15 million hackers attacked according to Facebook names and contact information. Attackers have no information from about 1 million people whose accounts were affected. Facebook says hackers have no access to financial information, such as credit card numbers.

The company did not want to say what the motive was, but said it had no reason to believe the attack was related to the November elections.

Facebook users can verify that their data has been stolen by visiting the company's help. Facebook says it will inform affected users how to protect themselves from suspicious emails and other attempts to exploit the stolen data. According to Guy Rosen, vice president of product management at Facebook, the company has found no evidence that attackers are taking advantage of the stolen data or that it has been posted on the Internet.

Affected users should look for unwanted calls, text messages or emails from people they do not know, and try to use their email address and phone number to target or try for spam To search for information. Facebook users should also be wary of messages or emails claiming to be from Facebook, the company said.

According to Facebook, third-party apps and Facebook apps like Instagram and WhatsApp were not compromised. Hackers could not access private messages, but messages received or exchanged by Facebook page administrators could be unmasked.

Security experts say that the 14 million users who had extensive personal information are extremely vulnerable. Colin Bastable, CEO of Lucy Security, which focuses on cybersecurity prevention and awareness, painted a particularly bleak scenario.

"The truth is that as a result of these messages, millions of phishing attacks pretending to be from Facebook are started, as many as 20 percent of the recipients will click and a large number of them will be successfully attacked Work computers and mobile devices, "said Bastable. "Businesses and governments will lose money, ransomware attacks will result from this leak, and the attack will last for many months."

The culprits behind the massive hack have not been publicly identified. The FBI is actively investigating the hack and asking Facebook not to release information about possible perpetrators, Rosen said. When they revealed the gap two weeks ago, Facebook officials said they did not know who was behind the attacks.

The recent revelation, another in a series of security holes that have shaken public confidence in Facebook, could further aggravate the political heat the company. An investigation by the Irish Data Protection Commission is under way, and Rosen said that Facebook is also working with the Federal Trade Commission and other agencies.

"Today's update of Facebook is now significant as it confirms that the personal data of millions of users were" The perpetrators of the attack, "said the Irish Data Protection Commission, the data protection authority responsible for data protection in the European Union, in a tweet.

The extent of personal information compromised by attackers has dealt a blow to public relations Campaign Facebook has tried to convince the more than 2 billion people who regularly use the service that it is serious about protecting their personal information, after the accounts of 87 million users have been accessed by the political targeting firm Cambridge Analytica without their consent and Russian agents spread propaganda while and after the presidential elections of 2016.

Earlier this week Google admitted that half a million accounts in its social network Google + by one Software errors could be at risk. The approval prompted the legislature to request an investigation by the FTC. Both incidents could further boost the impetus for a National Data Protection Law Congress to protect US corporate tech service users.

"These companies have a terrifying amount of information about Americans, violations not only violate our privacy, they cause enormous risks to our economy and national security," said EU Commissioner Rohit Chopra Chopra to USA TODAY, after Facebook last month the data breach had been announced. "The cost of inaction grows and we need answers."

More: Biggest Facebook hack of all time about Mark Zuckerberg

More: Facebook's 50 million account violation is already the biggest ever – and may get worse

More: Midterms: & # 39; Furious & # 39; Democrats Back Flash of Facebook Ads on Kavanaugh Far Behind GOP Issues

After compromising accounts last month, more than 90 million users had to log out of their accounts as a security measure.

Facebook says that attackers exploited a feature in their code that allows them to manage user accounts. These accounts included Facebook CEO Mark Zuckerberg and his deputy Sheryl Sandberg.

The attack began on September 14th. A traffic jam triggered an internal investigation. More than a week later, on September 25, Facebook identified the vulnerability and corrected it two days later.

The vulnerability was introduced in July 2017 when a feature was added that allows users to upload Happy Birthday videos.

Attackers exploited a vulnerability in Facebook's code that affected "View As", a feature that allows users to see what their own profile looks like to someone else. The feature is designed to give users more control over their privacy. Three software bugs in Facebook code associated with this feature allowed attackers to steal Facebook access tokens, which they could then use to take over people's accounts.

These access tokens are like digital keys that people use to stay logged into Facebook, so they do not have to reenter their passwords each time they use Facebook.

Here's how it worked: Once the attackers gain access to a token for an account, call it Jane's, they could then use "View As" to see what another account, say Tom's, is about Jane's account could see. The vulnerability allowed the attackers to gain an access token for Tom's account as well, and the attack spread from there. Facebook said it has turned off the "view as" feature as a security precaution.

Last month, Facebook dropped back the signs of nearly 50 million accounts believed to be affected and, as a precaution, also reset the tokens for another 40 million accounts that used "Ads As" in the last year. By resetting the tokens, the affected Facebook users were logged out of the service.

Read or Share this story: https://www.usatoday.com/story/tech/2018/10/12/facebook-hack-update-30-million-users-personal- information-stolen / 1614394002 /