Facebook had originally said up to 50 million accounts were affected in a cyberattack that exploited a trio of software flaws to steal “access tokens” that enable people to automatically log back into the social network.
Facebook Inc said on Friday attackers stole names and contact details of 29 million users in the mass security breach disclosed by the social media network late last month.
The breach, Facebook’s worst ever, has exacerbated concerns among users, lawmakers and investors that the company is not doing enough to safeguard data, particularly in the wake of the Cambridge Analytica data scandal.
Still, hackers neither accessed personal messages nor financial data and did not use Facebook logins to access other websites, all of which would have been a cause for greater concern. Facebook originally had said in late September hackers stole digital log-in codes to take over nearly 50 million user accounts.
On Friday, the company revealed that stolen data on 14 million users included birth dates, employers, education and lists of friends. For 15 million users, it was restricted to just name and contact details.
All of those could help a fraudster pose as Facebook, the employer or a friend. They could then craft a more sophisticated email aimed at tricking users into providing login information on a fake page or into clicking on an attachment that would infect their computers.
Facebook said it will send customised messages in the coming days to affected users to explain what information the attackers accessed and how they can protect themselves, including from suspicious emails, text messages or calls.
A company executive said on a conference call that Facebook will not provide country-by-country breakdowns of the affected users. The hackers used an automated program to move from account to account and harvest the data quickly.
“We’re cooperating with the FBI, which is actively investigating and asked us not to discuss who may be behind this attack,” Facebook said on a blog post https://newsroom.fb.com/news/2018/10/update-on-security-issue.
The social network in late September did not confirm if information had actually been stolen.
“There’s not much more that Facebook can do,” said Michael Pachter, an analyst with Wedbush Securities. “The stolen data is likely to be used by the hackers, so this problem is likely to persist for quite some time.”
Facebook’s latest vulnerability has existed since July 2017, but the company first identified it in mid-September after spotting a fairly large increase in use of its “view as” feature. It determined that it was an attack on Sept. 25.
“Within two days, we closed the vulnerability, stopped the attack and secured people’s accounts by restoring the access tokens for people who were potentially exposed,” Facebook said.
The “view as” feature allows users to check their privacy settings by giving them a glimpse of what their profile looks like to others. But a trio of errors in Facebook’s software enabled someone accessing the feature to post and browse from Facebook accounts of other users.
Facebook did not rule out the possibility of smaller-scale attacks and said it would continue to investigate.
Facebook shares fell 2.6 percent after the breach was announced last month and they were down 0.5 percent following the updated disclosures on Friday.
4 Indian Films to Screen at 21st Annual United Nations Association Film Festival
Four Indian films with South Asian themes will be featured at the 21st Annual United Nations Association Film Festival at the Aquarius Theater here beginning Oct. 18.
“Street Workers United,” an eight-minute U.S.-India co-production screening Oct. 21 focuses on India’s street vendors and rickshaw drivers. For years they’ve lived and worked without legal protections and without access to financial services, and have been subject to harassment by the police, the mafia, and others, according to a press release. NIDAN is working to change all that by organizing them to stand up for their own rights.
On the same night, “The True Cost,” an India-Bangladesh-Italy co-production lasting 93 minutes, is a story about the clothes we wear, the people who make them, and the impact the industry is having on our world. The price of clothing has been decreasing for decades, while the human and environmental costs have grown dramatically, said the release.
“Love Sick,” a 74-minute film from India screening Oct. 24, asks the question, “How in India, a culture obsessed with marriage but where AIDS is an unspeakable disease, can one find love and companionship if you’re HIV-positive?”
On Oct. 25, the 55-minute long “Raghu Rai” from India is an unframed portrait of Magnum photographer Raghu Rai and his 50-year-long journey capturing the stories of India as told through the eyes of his own rebel daughter. Together, they embark on a journey to Kashmir.
During opening night, sponsored by iTalico, Palo Alto Mayor Liz Kniss will deliver opening remarks with all invited filmmakers present.
The Aquarius Theatre is located at 430 Emerson Street in downtown Palo Alto. For more information about the 21st UNAFF please visit www.unaff.org.