Millions of us noticed. In my case, for example, my Facebook account logged me out after years of staying connected. Of course I was taken aback, but the real concern began when the next day I learned that Mark Zuckerberg's platform had been attacked by a hacker and that the personal data of millions of users was at risk.
At that time, Facebook reported that at least 50 million accounts were at risk, but now The Verge reports that it was 30 million users who suffered theft of personal data, which is now in the possession of at least the hacker who carried out the attack.
According to the report, the attacker gained full access to the accounts of 30 million users; of that universe, the attack gave access to basic information, i.e. names, emails and phone numbers; for the other 15 million, the attacker obtained more complete data such as gender, religion, location, device information and the last 15 searches made.
Guy Rosen, Vice President of Product, issued a press release with more detailed information on the findings of Facebook's technical team:
Sharing the results of our investigation into the attack we announced two weeks ago: https://t.co/tkDrVV7YZO
— Facebook (@facebook) October 12, 2018
We have been working all day to investigate the security issue that we discovered and solved two weeks ago, to help people understand what information may have been accessed by the attackers. Today, we’re sharing the details we found about the attack that exploited this vulnerability. We have not ruled out the possibility of smaller-scale attacks, which we are still investigating.
As we have said, the attackers exploited a vulnerability in Facebook's code that existed between July 2017 and September 2018. The vulnerability was the result of a complex interaction of three different software errors and affected “View as”, a feature that lets people see what their own profile looks like to another person. It allowed the attackers to steal Facebook access tokens, which could then be used to take over the accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook, so they don’t have to re-enter their password each time they use the application.
This is how we found the attack that exploited this vulnerability. We saw an unusual spike of activity that began on September 14, 2018, and began an investigation. On the 25th of September, we determined that this was really an attack and identified the vulnerability; within two days, we closed the vulnerability, stopped the attack and secured people's accounts by resetting the access tokens of those who were potentially exposed. As a precautionary measure, we also disabled “View as”. We are cooperating with the FBI, which is actively investigating and asked us not to say who may be behind this attack.
Perhaps the only good news is that Facebook reported that this massive security breach did not affect its sister companies, WhatsApp and Instagram, and their hundreds of millions of users.