[ad_1]
Facebook Inc. (FB.O) announced Friday that cyber-attackers had stolen data from 29 million Facebook accounts with the help of an automated program, the social media company said Friday. millions of profiles initially reported.
The company said it would send a message to affected users over the next few days to tell them what kind of information had been viewed during the attack.
This flaw has made users more vulnerable to targeted phishing attacks and could exacerbate the discomfort of posting on a service whose privacy, moderation and security practices have been called into question by a series of scandals, experts said. cybersecurity and financial analysts.
Attackers analyzed profile information such as birth dates, employers, educational background, religious preferences, types of devices used, pages tracked, recent searches, and location records of 14 million d & # 39; users.
For the other 15 million users, the violation was limited to the name and contact details. In addition, attackers could view publications and lists of friends and groups of about 400,000 users.
Lawmakers and investors are increasingly concerned that Facebook is not doing enough to protect the data.
The company's shares rose 0.25% on Friday, after the rebound on Wall Street after six days of losses. The Nasdaq composite index gained 2.29%.
Facebook has reduced the number of users involved from its initial estimate after investigators had reviewed the activity on accounts likely to have been affected. Nevertheless, cyber security experts have warned that attackers could use stolen information in targeted phishing scams.
"In the end, all of this data is still available," said Corey Milligan, principal investigator at cyber security firm Armor Inc.
Facebook vice president Guy Rosen told reporters that the US Federal Bureau of Investigation had asked the company to limit the description of the attackers because of an ongoing investigation.
Rosen revealed that, although the intention of the attackers was not determined, they did not seem to be motivated by the upcoming mid-term US congressional election on November 6.
He added that the attack had hit a "wide" range of users, but had refused to break down the number of people affected by country.
Facebook said it was continuing to investigate whether the attackers had taken steps beyond data theft, such as publishing accounts, without discovering any other cases of use. abusive.
Hackers do not steal personal messages or financial data and do not use their account access to access user accounts on other websites, said Facebook.
FOCUS ON TRUST
Rosen said the company "will do everything possible to win the trust of users."
Previously, the company had warned that the profits would suffer because of expenses related to the violation.
Vulnerability exploited by hackers ran from July 2017 to the end of last month, when Facebook noticed an unusual increase in the use of its "view as" feature.
This feature allows users to check privacy settings by giving an overview of their profile to others. However, three errors in Facebook's software allowed one person accessing "view as" to view and navigate from the other user's Facebook account.
The attackers used the "view as" flaw with "a small handful" of accounts they controlled to capture their friends' Facebook data, and then used a tool they developed to violate the rules. friends and beyond, Rosen said.
Last month, Facebook corrected the problem and asked 90 million users to reconnect to their accounts, often as a precaution.
Security experts said Facebook's initial disclosure of the breach was earlier than it likely would have been before the enactment in May of the EU's General Data Protection Regulation, which imposes a notification within 72 hours of the acquisition of a compromise.
The Irish data protection commissioner, the EU's main regulator for data in the EU, last week opened an investigation into the violation. Authorities in other jurisdictions, including the US states of Connecticut and New York, are also looking into the attack.
Regulators from around the world are investigating another case that was revealed in March: How did Cambridge Analytica's political data firm misapply the profile details of 87 million Facebook users? ?
The Japanese Data Protection Commission (JPPC) has opened an investigation into the social media company, Nikkei reported on Friday.
"We are working with local regulators, including JPPC, on the data breach," the company said in a statement. Facebook has about 28 million active people in one month in Japan.
Reuters
Reportage of Munsif Vengattil in Bengaluru and Paresh Dave in San Francisco; Akanksha Rana and Vibhuti Sharma in Bengaluru, Jim Finkle in New York and Joseph Menn in San Francisco; edited by Jim Finkle, David Gregorio and Leslie Adler
[ad_2]
Source link
