
In Facebook’s massive breach, the hackers’ friends were the first victims – CNET

Look out for your friends. (Photo: Getty Images)

What's 400,000 Facebook access tokens between friends?

The world's largest social network gave an update Friday on the huge data breach it discovered last month. In addition to saying the breach affected about 30 million users rather than the 50 million it first reported, Facebook said the attack started with about 400,000 accounts in the attackers' own Facebook friend network.

The attackers stole sensitive personal information from 14 million accounts, including birth dates, recent search history and the last 10 locations where users were tagged. Another 15 million people had information like names, phone numbers and email addresses pilfered.

Though the hackers scaled up the assault massively, the breach began with the attackers' own Facebook friends. The hackers used the "View As" vulnerability to steal access tokens from their own friends, then repeated the process against the friends of those compromised friends.

It was done automatically, Facebook's vice president of product management, Guy Rosen, said in a press call, until the hackers amassed 400,000 accounts within their own network.

For those initial 400,000 victims, the attackers could see posts on their timelines, their friend lists, the groups they belonged to and whom they had messaged most recently. No Messenger content was exposed, unless the affected person was a Page admin whose Page had received messages from someone.

With those 400,000 accounts, the hackers used the same vulnerability to steal information on millions of people on Facebook. While they were friends on Facebook, it's unclear how close the attackers were to their first set of victims. 

"They stole their friends' access tokens and then the access tokens of those friends," Rosen said.
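The friend-to-friend token harvest Rosen describes is, structurally, a breadth-first walk over the social graph. The Python below is an added example written for this page; it is not Facebook's code and not a reconstruction of the actual "View As" bug. The graph is a constructed toy, and view_as_token is a hypothetical stand-in that simply hands back a placeholder token for the viewed friend, because the article gives no details of how the real tokens were produced. What it shows is how quickly the set of stolen tokens grows from a small attacker-controlled seed set, and why a cap on hop depth or on View As loads per account bounds the damage.

```python
from collections import deque
import random

# Constructed toy friend graph (undirected adjacency sets). Not real data.
TOY_GRAPH = {
    0: {1, 2},
    1: {0, 3},
    2: {0},
    3: {1, 4},
    4: {3},
    5: set(),          # isolated account: never reachable from the seeds
}


def view_as_token(viewer_token: str, friend: int) -> str:
    """Hypothetical stand-in for the access token the attackers obtained by
    loading a friend's profile through View As. The article does not describe
    the real mechanism; this only models 'one load yields one token for the
    viewed friend'."""
    return f"token-of-{friend}"


def harvest_tokens(graph, seeds, max_hops=None):
    """Breadth-first walk: every account we hold a token for is used to
    View As each of its friends, collecting their tokens in turn.
    Returns (tokens_by_user, tokens_gained_per_hop)."""
    tokens = {s: f"token-of-{s}" for s in seeds}      # seeds: attacker-controlled accounts
    per_hop = {0: len(tokens)}
    frontier = deque((s, 0) for s in seeds)
    while frontier:
        user, hop = frontier.popleft()
        if max_hops is not None and hop >= max_hops:  # depth cap bounds the blast radius
            continue
        for friend in graph[user]:
            if friend in tokens:                      # already compromised, skip
                continue
            tokens[friend] = view_as_token(tokens[user], friend)
            per_hop[hop + 1] = per_hop.get(hop + 1, 0) + 1
            frontier.append((friend, hop + 1))
    return tokens, per_hop


def random_graph(n_users, avg_degree, seed=1):
    """Constructed random friend graph for the stand-alone demo (not real data)."""
    rng = random.Random(seed)
    graph = {u: set() for u in range(n_users)}
    for u in range(n_users):
        for _ in range(avg_degree // 2):
            v = rng.randrange(n_users)
            if v != u:
                graph[u].add(v)
                graph[v].add(u)
    return graph


if __name__ == "__main__":
    # Demo: 50 attacker accounts in a 100k-user graph, three hops deep.
    g = random_graph(100_000, 40)
    seeds = random.Random(2).sample(range(100_000), 50)
    tokens, per_hop = harvest_tokens(g, seeds, max_hops=3)
    for hop, gained in sorted(per_hop.items()):
        print(f"hop {hop}: +{gained} tokens")
    print(f"{len(tokens)} accounts compromised from {len(seeds)} seeds")
```

On the toy graph, seeding the walk at account 0 reaches accounts 1 through 4 in three hops and never touches the isolated account 5; with max_hops=1 it stops at the seed's direct friends, which is the "first victims" stage the article describes.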

Facebook did not respond to a request for further comment, and Rosen declined to provide specific details on the attackers because the incident is under FBI investigation.

The world's largest social network first realized it was under attack after noticing a spike in activity on September 25. The hackers had been active for 11 days before Facebook staff noticed something was wrong.

The automated process the hackers used against their Facebook friends loaded those friends' profiles through the "View As" tool, which let people see how their own profile looked to someone else. Facebook has since disabled the tool as a precaution.
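Facebook says it caught the attack from a spike in activity. Below is an added example, again not Facebook's detection code, of the simplest form of that signal: count View As loads per actor per minute and per minute site-wide over a constructed log, and flag both the single account doing far more loads than any normal user and the minute in which the global rate leaves its baseline. The log line format, actor and target IDs, timestamps and thresholds are all assumptions made up for illustration.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Assumed log line format (constructed for this example, not a real Facebook log):
#   2018-09-14T10:00:01Z actor=1 action=view_as target=100
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+actor=(?P<actor>\d+)\s+action=(?P<action>\w+)\s+target=(?P<target>\d+)$"
)


def parse_events(lines):
    """Parse log lines into (minute, actor, action, target); unparseable lines are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        minute = m.group("ts")[:16]          # YYYY-MM-DDTHH:MM bucket
        events.append((minute, int(m.group("actor")), m.group("action"), int(m.group("target"))))
    return events


def flag_view_as_spikes(events, per_actor_limit=20, global_factor=5.0):
    """Two rate checks over View As loads:
    - per actor per minute: more than per_actor_limit loads is not human browsing
    - site-wide per minute: more than global_factor times the median minute is a spike
    Thresholds are illustrative assumptions."""
    per_actor_minute = Counter()
    per_minute = Counter()
    targets_by_actor = defaultdict(set)
    for minute, actor, action, target in events:
        if action != "view_as":
            continue
        per_actor_minute[(actor, minute)] += 1
        per_minute[minute] += 1
        targets_by_actor[actor].add(target)
    noisy_actors = sorted({a for (a, m), c in per_actor_minute.items() if c > per_actor_limit})
    baseline = median(per_minute.values()) if per_minute else 0
    spike_minutes = sorted(m for m, c in per_minute.items() if baseline and c > global_factor * baseline)
    return {
        "noisy_actors": noisy_actors,
        "spike_minutes": spike_minutes,
        "baseline": baseline,
        "distinct_targets": {a: len(t) for a, t in targets_by_actor.items()},
    }


def build_sample_log():
    """Constructed sample: ten quiet minutes of ordinary View As use, then one minute
    in which a single actor walks 50 different friends' profiles."""
    lines = []
    for minute in range(10):
        for i in range(3):
            lines.append(f"2018-09-14T10:{minute:02d}:{i * 10:02d}Z actor={1 + i} action=view_as target={100 + minute}")
        lines.append(f"2018-09-14T10:{minute:02d}:45Z actor=4 action=post target=0")
    for i in range(50):
        lines.append(f"2018-09-14T10:10:{i:02d}Z actor=777 action=view_as target={1000 + i}")
    lines.append("garbage line that does not parse")   # exercises the parser's skip path
    return lines


if __name__ == "__main__":
    result = flag_view_as_spikes(parse_events(build_sample_log()))
    print("baseline loads/minute:", result["baseline"])
    print("actors over per-minute limit:", result["noisy_actors"])
    print("minutes with site-wide spike:", result["spike_minutes"])
```

The per-actor check is the one that would have fired earliest in the scenario the article describes, since each compromised account was driven by a script rather than a person; the site-wide check is the coarser signal Facebook reports actually noticing, and it only trips once the walk has grown large.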
