 "Security breach: Hackers accessed data from 29 mn accounts, says Facebook")
Facebook Inc said on Friday that attackers in the mass security breach it announced late last month accessed the accounts of about 30 million people in total and stole name and contact details for 29 million.
Facebook found no theft of highly personal messages or financial data, and saw no use of Facebook logins to access other websites, all of which would have been cause for greater concern.
Instead, stolen data on 14 million users included birthdates, employers, education and lists of friends.
All of those could help a fraudster pose as Facebook, the employer or a friend. They could then craft a more sophisticated email aimed at tricking users into providing login information on a fake page or into clicking on an attachment that would infect their computers.
"We're cooperating with the FBI, which is actively investigating and asked us not to discuss who may be behind this attack," Facebook said on a blog post https://newsroom.fb.com/news/2018/10/update-on-security-issue.
The social network said in late September that hackers stole digital login codes allowing them to take over nearly 50 million user accounts in its worst security breach ever, but did not confirm if information had actually been stolen.
Facebook's latest vulnerability has existed since July 2017, but the company first identified it in mid-September after spotting a fairly large increase in use of its "view as" privacy feature. It determined that it was an attack on Sept. 25.
"Within two days, we closed the vulnerability, stopped the attack, and secured people's accounts by restoring the access tokens for people who were potentially exposed," Facebook said.
The "view as" feature allows users to check their privacy settings by giving them a glimpse of what their profile looks like to others. But a trio of errors in Facebook's software enabled someone accessing the feature to post and browse from Facebook accounts of other users.
Facebook shares fell 2.6 percent after the breach was announced last month, and they were down more than 1 percent following the updated disclosures on Friday.
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app