
Facebook Data Breach

October 16, 2018

Why in news?

Facebook has put out more details about the data breach that exploited a vulnerability in its code between July 2017 and September 2018.

What is the recent picture on data breach?

  • Facebook has claimed that fewer users (30 million, not 50 million) had their access tokens stolen, and that this was done by exploiting 400,000 accounts.
  • But crucially, the new revelation is that 15 million of the 30 million had their name and contact details (phone numbers or e-mails) stolen.
  • What was taken depended on what people had on their profiles.
  • Another 14 million had further details stolen, like gender, relationship status, birth date, recent searches, and the last 10 places the person had checked into or was tagged in.
  • This was in addition to the name and contact details taken from the others.
  • Just 1 million of the 30 million had none of their data compromised.
  • But Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts have not been affected.

How was it done?

  • The attackers moved from account to account using an automated script that collected tokens.
  • This was done by repeatedly exploiting the vulnerability using access tokens for about 400,000 people.
  • The attackers then used the list of friends they collected to “eventually steal access tokens for about 30 million people.”
  • So starting with the accounts they controlled directly, they moved to their friends and to their friends’ friends, and so forth.
  • The attackers could see things about users such as:
  1. posts on their Timelines
  2. their list of Friends
  3. groups they’re members of
  4. the names of some recent Messenger conversations
  • Facebook claims that the message content was not available to attackers.
  • But even this could have been seen if the person was a Page admin and had received a message from someone.

What next?

  • Facebook is sending customised messages to the 30 million users, suggesting steps to protect themselves.
  • On the Facebook Help Center, users can check if they have been affected and what information may have been accessed.
  • Reportedly, accounts have already been secured by Facebook's recent step of prompting millions of users to reset their access tokens.
  • So no one needs to log out again or change passwords.
  • But the risk is that the stolen data could be used to target users with phishing mails etc., tailored to their known preferences.
  • So users have to be careful of suspicious e-mails, text messages or calls that could be made using this information.

 

Source: Indian Express
