TO CLOSE

Facebook has announced that it has closed 559 Facebook pages and 251 accounts just before the mid-term elections. Natasha Abellard of Veuer has history.
Buzz60

Facebook has informed the public of its investigation of its data breach: 30 million, not 50 million, were affected.(Photo: JaysonPhotography / iStock)

SAN FRANCISCO – Facebook indicates that fewer accounts were hacked than what had originally been thought of in one of the worst security incidents on the giant social network – 30 million instead of 50 million – but attackers recovered from sensitive personal information from almost half of these users, such as their phone number. e-mail address, recent Facebook searches, location history, and device types used by users to access the service.

Hackers got their hands on data from 29 million accounts as part of last month's attack, revealed Facebook on Friday. Facebook had initially estimated that 50 million accounts could have been affected, but the company did not know if they had been compromised. The attackers did not gather any information from about 1 million people whose accounts were affected.

For about half of those whose accounts were broken into – about 14 million people – hackers accessed a lot of personal information, such as the last 10 places registered by the Facebook user, their current city and their last 15 searches. For the remaining 15 million, hackers accessed the name and contact information, according to Facebook.

Facebook users can check if their data has been stolen by visiting the company's website. Help Center. Facebook said it would notify affected users of how they could protect themselves from suspicious emails and other attempts to exploit stolen data. Guy Rosen, vice president of product management for Facebook, said the company had seen no evidence of attacking stolen data or publishing it on the Web.

Third-party and Facebook applications such as Instagram and WhatsApp have not been compromised, according to Facebook. Hackers have not been able to access private messages, but messages received or exchanged by the administrators of the Facebook page may have been exposed.

The latest disclosure, another among a series of security failures that have shaken public confidence in Facebook, could intensify political pressure on society. An investigation is underway from the Irish Data Protection Commission and Rosen said Facebook is also cooperating with the Federal Trade Commission and other authorities.

The extent of personal information compromised by the attackers has dealt a blow to the public relations campaign conducted by Facebook to convince the more than 2 billion people who regularly use the service that the protection of personal data after the scandal of Cambridge Analytica and the uncontrolled is serious. dissemination of Russian propaganda during and after the 2016 presidential election.

Facebook said on Friday that it had "no reason to believe" that the attack was related to mid-term elections in November.

The guilty of massive piracy have not been publicly identified. The FBI is actively investigating piracy and has asked Facebook not to disclose any information about potential perpetrators, Rosen said.

"They asked us not to discuss who could be at the root of this attack," he said. When they revealed the breach two weeks ago, Facebook officials said that they did not know who was behind the attacks.

After compromising accounts last month, more than 90 million users have been forced to log off their accounts for security.

Facebook claims that attackers exploited a feature of its code that allowed them to requisition user accounts. These accounts included Facebook CEO Mark Zuckerberg and second-in-command Sheryl Sandberg.

Facebook estimated two weeks ago that nearly 50 million accounts had been compromised. The attack began on September 14th. An outbreak of traffic triggered an internal investigation two days later. The breach was quickly discovered and repaired.

The FTC and other agencies are already investigating Facebook after learning that Cambridge Analytica political targeting company had accessed 87 million users' accounts without their consent.

"These companies have an impressive amount of information about Americans – violations not only affect our privacy, they also create tremendous risks to our economy and our national security," the statement said. last month the Commissioner of the Federal Trade Commission, Rohit Chopra Chopra. "The cost of inaction is increasing and we need answers."

The vulnerability was introduced in July 2017 with the addition of a feature allowing users to download happy birthday videos.

Hackers exploited a vulnerability in the Facebook code that affected "View As", a feature that allowed people to see what their own profile looked like for someone else. The feature has been designed to give users more control over their privacy. Three software bugs in the Facebook code connected to this feature allowed attackers to steal Facebook access tokens that they could then use to support user accounts.

These access tokens are like digital keys that allow users to stay connected to Facebook. They do not need to re-enter their password each time they use Facebook.

Here's how it worked: once the attackers had access to a token for an account, call him Jane's, they can then use "View As" to see what another account says Tom's, could see about Jane's account. This vulnerability also allowed hackers to obtain an access token on behalf of Tom and to spread the attack from there. Facebook said that it had disabled the "View as" feature for security.

Last month, Facebook reset the chips of nearly 50 million accounts alleged to have been affected and, as a precautionary measure, also reset the tokens of 40 million accounts that have used "View As" in the past year. Resetting Tokens disconnected the affected Facebook users from the service.

Read or share this story: https://www.usatoday.com/story/tech/2018/10/12/facebook-hack-update-30-million-users-personal-information-stolen/1614394002/