Facebook: 50 million users personal information exposed in mega breach

[steven36]

Facebook says an attack on its network left the personal information of some 50 million users—perhaps you?—exposed to hackers. Who were the hackers, and what did they want? Facebook doesn't know, or won't say.

 

 

We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you,” Mark Zuckerberg said in a statement regarding Cambridge Analytica earlier this year.

Well. You heard the man.

 

 

Mike Isaac and Sheera Frankel in the New York Times:

Quote

 

The company discovered the breach earlier this week, finding that attackers had exploited a feature in Facebook’s code that allowed them to take over user accounts. Facebook fixed the vulnerability and notified law enforcement officials.

 

More than 90 million of Facebook’s users were forced to log out of their accounts Friday morning, a common safety measure for compromised accounts.

 

Facebook said it did not know the origin or identity of the attackers, nor had it fully assessed the scope of the attack. The company is in the beginning stages of its investigation.

 

The discovery of the hack comes at one of the most difficult times in Facebook’s history. The company has dealt with fallout over its role in a widespread Russian disinformation campaign around the 2016 presidential election.

 

 

(...) Even before Friday’s disclosure, Facebook was facing multiple Federal investigations into the company’s broader data sharing and privacy practices. The Securities and Exchange Commission has opened an investigation into Facebook’s statements on Cambridge Analytica.

 

Facebook faces likely government regulation over monopoly and influence concerns, and it faces consequences for its role in the Cambridge Analytica scandal, from EU, UK, and US legal forces.

This major news will not help Mark Zuckerberg and his company in their struggles.

 

Source

[steven36]

50 Million Facebook Accounts Affected in Massive Security Breach

 

 

An estimated 50 million Facebook user profiles were affected by a security breach, the company confirmed in a blog post today. The breach could allow attackers to take over the accounts of affected users, but the full extent of the attack remains unknown.

 

The breach, which the company says it discovered on Tuesday, “exploited a vulnerability in Facebook’s code that impacted ‘View As’, a feature that lets people see what their own profile looks like to someone else.” Currently the company’s internal investigation “is still in its early stages” and no indication has been given as to who might be behind the attack or what user data (if any) was exfiltrated.

 

Login tokens have been reset for the 50 million accounts directly affected, as well as an additional 40 million accounts that the “view as” feature was used on within the past year. The vulnerability allowing the exploit, according to Facebook, “stemmed from a change we made to our video uploading feature in July 2017.”

 

News of the security breach comes at a particularly vulnerable time for Facebook, which is currently facing federal investigation and regulation over its role in the Cambridge Analytica scandal. Early this year, it was revealed that the firm misused data from some 87 million Facebook users. Cambridge Analytica shut down in May in the wake of the privacy debacle.

 

In a press conference shortly after Facebook made the blog post, CEO Mark Zuckerberg described the breach as an “attack” and mentioned that those responsible had attempted to query Facebook’s database for personal information about the those whose profiles had their login tokens taken.

 

The “view as” feature has since been turned off, and Facebook’s VP of Product, Guy Rosen, stated that the company is working alongside law enforcement and the FBI to gather more information. Responding to questions from reporters, Rosen said, “this is clearly a breach of trust and we take this very seriously.”

 

Sen. Mark Warner, co-chair of the Senate Cybersecurity Caucus, said the Facebook breach was “deeply concerning” in a statement to Gizmodo, calling for a full investigation to be conducted at once. “Today’s disclosure is a reminder about the dangers posed when a small number of companies like Facebook or the credit bureau Equifax are able to accumulate so much personal data about individual Americans without adequate security measures,” he said.

 

Added Warner: “This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users. As I’ve said before—the era of the Wild West in social media is over.”

 

Update 1:55pm ET: Added statement from Sen. Warner.

 

Source

[Soze]

Everytime I think this is the nail in the coffin for Facebook, then they grow back like a proverbial cancer.