Skip to content 
Search

Latest Stories

Up to 50 million Facebook accounts breached in attack

Facebook revealed on Friday (28) that up to 50 million accounts were breached by hackers, dealing a blow to the social network's effort to convince users to trust it with their data.

The social network is investigating the extent of harm done when hackers exploited a trio of software flaws to steal "access tokens," the equivalent of digital keys that enable people to automatically log back into the social network.


Facebook chief executive Mark Zuckerberg said engineers discovered the breach on Tuesday(25), and patched it on Thursday (27) night.

"We don't know if any accounts were actually misused," Zuckerberg said. "This is a serious issue."

As a precaution, Facebook is temporarily taking down the "view as" feature - described as a privacy tool to let users see how their profiles look to other people.

"It's clear that attackers exploited a vulnerability in Facebook's code," said vice president of product management Guy Rosen.

"We've fixed the vulnerability and informed law enforcement."

Facebook reset the 50 million breached accounts, meaning users will need to sign back in using passwords.

Democratic US Senator Mark Warner cited the breach as further proof of the privacy danger of companies such as Facebook and Equifax not adequately protecting the massive amounts of information they gather about people.

"This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users," Warner said in a statement.

"As I've said before - the era of the Wild West in social media is over."

The breach is the latest privacy embarrassment for Facebook, which earlier this year acknowledged that tens of millions of users had personal data hijacked by Cambridge Analytica, a political firm working for Donald Trump in 2016.

"We face constant attacks from people who want to take over accounts or steal information around the world," Zuckerberg said on his Facebook page.

"While I'm glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place."

Facebook said it took a precautionary step of resetting "access tokens" for another 40 million accounts where the "view as" was used. This will require those users to log back into Facebook.

"People's privacy and security is incredibly important, and we're sorry this happened," Rosen said.

- Sophisticated hack -

No passwords were taken in the breach, only "tokens," according to Rosen.

Information hackers appeared interested in included names, genders, and home towns, but it was not clear for what purposes, the executives said in a telephone briefing.

The stolen tokens gave hackers complete control of accounts. Facebook is trying to determine whether hackers tampered with posts or messages.

Hackers could have also gotten into third-party applications linked to Facebook accounts, but it was too early to determine whether that happened, according to the social network.

Attackers would have been able to meddle with Instagram accounts lined to Facebook, but could not have tampered with the social network's WhatsApp messaging service, according to executives.

Facebook said that it noticed an unusual spike in activity on September 16 and determined nine days later that it was malicious.

Hackers took advantage of a "complex interaction" between three software bugs, which required a degree of sophistication, according to Rosen. The vulnerability was created by a change to a video uploading feature in July of 2017.

"We may never know who is behind this," Rosen said. "This is not an easy investigation."

The 50 million figure was the total number of accounts Facebook determined were breached by the attack since July of last year, but the social network did not disclose the earliest incursion.

Facebook is working with data privacy regulators as well as law enforcement, according to Rosen.

Facebook this year is doubling to 20,000 the number of workers devoted to safety and security.

When asked why people should still trust Facebook with their personal information, Zuckerberg outlined anew ways the social network is ramping up defenses.

"As I've said a number of times, security is an arms race," Zuckerberg said.

But Facebook may have deeper problems, said Jonathan Zittrain, a Harvard law professor and co-founder of university's Berkman Klein Center for Internet & Society.

"There is a structural problem here," Zittrain said in a tweet.

"Facebook has one of the best and most well-resourced cybersecurity outfits in the world, yet a breach of its servers appears to have compromised tens of millions of accounts in still-undisclosed ways."

(AFP)

More For You

Air India flight crash
Air India's Boeing 787-8 aircraft, operating flight AI-171 to London Gatwick, crashed into a medical hostel complex shortly after take-off from Ahmedabad on June 12.
Getty Images

Air India crash probe finds fuel to engines was cut off before impact

Highlights

 
     
  • Fuel to both engines of the Air India flight was cut off seconds before the crash
  •  
  • A pilot was heard questioning the other over the cut-off; both denied initiating it.
  •  
  • The Dreamliner crashed shortly after take-off from Ahmedabad, killing 260 people.
  •  
  • Investigators are focusing on fuel switch movement; full analysis may take months.

FUEL control switches to both engines of the Air India flight that crashed shortly after takeoff were moved from the "run" to the "cutoff" position seconds before the crash, according to a preliminary investigation report released early Saturday.

Keep ReadingShow less
Chinese vessel tracked in Bay of Bengal after disabling identification system

The Indian Navy and Coast Guard have consistently reported Chinese research vessel presence. (Representational image: Getty Images)

Chinese vessel tracked in Bay of Bengal after disabling identification system

A Chinese research vessel was detected operating in the Bay of Bengal near Indian waters while attempting to conceal its presence by disabling its Automatic Identification System (AIS), according to a report by The Economic Times, citing French maritime intelligence firm Unseenlabs.

The French company conducted a 16-day satellite-based survey tracking ships through radio frequency emissions. It monitored 1,897 vessels, with 9.6 per cent showing no AIS activity, indicating attempts to avoid detection. The survey raised concerns amid increased Chinese activity in the region.

Keep ReadingShow less
Asian-inspired garden earns
five awards at Hampton Court

(From left) Malcolm Anderson (RHS, head of sustainability) Clare Matterson (RHS director general), Lorraine Bishton (Subaru UK and Ireland, managing director) Andrew Ball (director, Big Fish Landscapes) Mike McMahon and Jewlsy Mathews with the medals

Asian-inspired garden earns five awards at Hampton Court

BRITISH Asians are being encouraged to take up gardening by a couple who have won a record five medals at the Royal Horticultural Society’s Hampton Court Palace Garden Festival.

“It’s a contemporary reimagining of a traditional walled garden, highlighting the British and Irish rainforests,” said Jewlsy Mathews, who was born in Britain of parents from Kerala, a southern Indian state known for its lush vegetation.

Keep ReadingShow less
uk weather

Amber heat health alerts have been issued across several regions of England

iStock

England faces widespread heat alerts and hosepipe bans amid rising temperatures

Highlights:

  • Amber heat health alerts in place for large parts of England
  • Hosepipe bans announced in Yorkshire, Kent and Sussex
  • Temperatures could reach 33°C over the weekend
  • Health risks rise, especially for elderly and vulnerable groups

Heat warnings in effect as UK braces for another hot weekend

Amber heat health alerts have been issued across several regions of England, with temperatures expected to climb to 33°C in some areas over the weekend. The UK Health Security Agency (UKHSA) activated the warning at 12 pm on Friday, with it set to remain in place until 9 am on Monday.

The alerts cover the East Midlands, West Midlands, south-east, south-west, East of England, and London. Additional yellow alerts were issued for the north-east, north-west, and Yorkshire and the Humber, starting from midday Friday.

Keep ReadingShow less
Essex ladybird invasion

One of the largest gatherings was filmed on a beach at Point Clear

Dee-anne Markiewicz / SWNS

Swarms of ladybirds invade Essex coastline amid soaring temperatures

Highlights:

  • Ladybird swarms reported across Essex and Suffolk coastal towns
  • Hot weather likely driving the sudden surge in population
  • Sightings include Point Clear, Shoebury, Clacton and Felixstowe
  • Similar outbreaks occurred in 1976 during another hot UK summer

Sudden surge in ladybird numbers across the southeast

Millions of ladybirds have been spotted swarming towns and villages along the Essex coast, with similar sightings stretching into Suffolk. Residents have reported unusually high numbers of the red and black-spotted insects, particularly near coastal areas, with the recent hot weather believed to be a major contributing factor.

One of the largest gatherings was filmed on a beach at Point Clear, a village near St Osyth in Essex, where the insects could be seen piling on top of each other on driftwood and plants.

Keep ReadingShow less