[ad_1]
Hackers were able to access as many as 50 million Facebook user profiles without the permission of those users, Facebook said.
Facebook claims that hackers took advantage of a "Facebook Code Vulnerability" that allowed them to access special "digital keys" that allowed users to stay connected to their account without having to re-enter their password.
Obtaining these digital keys has allowed hackers to use these keys to "support user accounts," the company writes in a blog post.
"As we have just started our investigation, we still need to determine if these accounts were misused or information was accessed," says the company's blog post. "We do not know who is behind these attacks or where they are based."
Facebook CEO Mark Zuckerberg told reporters on Friday that the company had discovered the vulnerability on Tuesday and corrected the problem on Thursday night. He said it is unclear whether these hackers were able to successfully access the personal data of Facebook users.
This is the last in a long list of incidents with Facebook in the past two years. A software bug introduced earlier this year has changed users' privacy settings without their knowledge or consent. A separate bug accidentally unblocked the users that users had chosen to block, putting the security of the users at risk.
This last security problem, occurring less than six weeks before the mid-term US elections, is certainly bad news for the company. Facebook is committed to better prepare its service for the next half term, after Russian actors have used false information accounts and robot accounts to try to influence the US presidential election. of 2016.
Facebook's stock is down more than 3% on news.
Facebook says that it has reset these digital keys for the 50 million accounts affected and for 40 million additional accounts that were also potentially exposed to this vulnerability. As a result, these 90 million people will have to log back in their account the next time they use Facebook. (For the context, it's less than 5% of Facebook's user base, which exceeded 2.2 billion in June).
Facebook is calling with reporters at 10 am Pacific time to discuss the violation. We will continue to update this story as we learn more.
Update: There was not much new information on Facebook's press call with reporters. CEO Mark Zuckerberg and Guy Rosen, a Facebook product manager working on security, answered questions for about 25 minutes and stressed that it was still unclear whether hackers were actually collecting personal information from user accounts.
They tried to collect personal information about people like their name, sex and hometown, Rosen said.
"We did not see that access tokens were used to access private messages, or messages, or to post something on accounts," added Rosen. "It's important to say: attackers could use the account as if they were the account holder."
We do not know who was behind the attack and whether it was motivated politically or not. "Our investigation is early and it is difficult to determine exactly who was behind this," said Rosen. "We can never know."
Source link
