Page 7 - ARUBA TODAY
P. 7
A7
U.S. NEWS Saturday 29 September 2018
Facebook says 50M
user accounts affected
by security breach
By MATT O’BRIEN and MAE The latest attack involved
ANDERSON bugs in Facebook’s “View
AP Technology Writers As” feature, which lets
NEW YORK (AP) — Face- people see how their pro-
book reported a major se- files appear to others. The
curity breach in which 50 attackers used that vulner-
million user accounts were ability to steal the digital
accessed by unknown at- keys, known as “access to-
tackers. kens,” from the accounts of
The attackers gained the people whose profiles were
ability to “seize control” of plugged into the “View As”
those accounts, Facebook feature — and then moved
said, by stealing digital keys along from one user’s
the company uses to keep Facebook friend to anoth-
people logged in. Face- er. Possession of those to-
book has logged out own- kens would allow attackers
ers of the 50 million affect- to control those accounts. In this May 1, 2018, file photo, Facebook CEO Mark Zuckerberg makes the keynote speech at F8,
ed accounts — plus anoth- One of the bugs was more Facebook’s developer conference in San Jose, Calif.
er 40 million who were vul- than a year old and affect- Associated Press
nerable to the attack. Users ed how the “View As” fea- pert at Rendition Infosec, once employed by the U.S. prosecutors later
don’t need to change their ture interacted with Face- said he is concerned that Trump campaign, Cam- blamed Russian agents for
Facebook passwords, it book’s video uploading the hack could have af- bridge Analytica, had im- using the information they
said. feature for posting “happy fected third party applica- properly gained access stole from Yahoo to spy on
Facebook said it doesn’t birthday” messages, said tions. to personal data from mil- Russian journalists, U.S. and
know who was behind the Guy Rosen, Facebook’s Williams noted that the lions of user profiles. Then Russian government offi-
attacks or where they’re vice president of product company’s “Facebook a congressional investiga- cials and employees of fi-
based. In a call with report- management. But it wasn’t Login” feature lets users log tion found that agents from nancial services and other
ers on Friday, CEO Mark until mid-September that into other apps and web- Russia and other countries private businesses.
Zuckerberg said that at- Facebook noticed an up- sites with their Facebook have been posting fake In Facebook’s case, it may
tackers would have had tick in unusual activity, credentials. “These access political ads since at least be too early to know how
the ability to view private and not until this week that tokens that were stolen 2016. In April, Zuckerberg sophisticated the attackers
messages or post on some- it learned of the attack, show when a user is logged appeared at a congres- were and if they were con-
one’s account, but there’s Rosen said. into Facebook and that sional hearing focused on nected to a nation state,
no sign that they did. “We haven’t yet been may be enough to access Facebook’s privacy prac- said Thomas Rid, a profes-
“We do not yet know if any able to determine if there a user’s account on a third tices. sor at the Johns Hopkins
of the accounts were actu- was specific targeting” of party site,” he said. The Facebook bug is remi- University. Rid said it could
ally misused,” Zuckerberg particular accounts, Rosen Facebook confirmed late niscent of a much larger also be spammers or crimi-
said. said in a call with reporters. Friday that third party apps, attack on Yahoo in which nals.
Facebook shares fell $4.38, “It does seem broad. And including its own Instagram attackers compromised 3 “Nothing we’ve seen here
or 2.6 percent, to close at we don’t yet know who app, could have been af- billion accounts — enough is so sophisticated that it
$164.46 on Friday. was behind these attacks fected. for half of the world’s entire requires a state actor,” Rid
The hack is the latest set- and where they might be “The vulnerability was on population. In the case of said. “Fifty million random
back for Facebook during based.” Facebook, but these ac- Yahoo, information stolen Facebook accounts are
a tumultuous year of secu- Neither passwords nor cess tokens enabled some- included names, email ad- not interesting for any intel-
rity problems and privacy credit card data was sto- one to use the account as dresses, phone numbers, ligence agency.”
issues . So far, though, none len, Rosen said. He said the if they were the account- birthdates and security Ed Mierzwinski, the senior
of that has significantly company has alerted the holder themselves,” Rosen questions and answers. It director of consumer ad-
shaken the confidence FBI and regulators in the said. was among a series of Ya- vocacy group U.S. PIRG,
of the company’s 2 billion United States and Europe. News broke early this year hoo hacks over several said the breach was “very
global users. Jake Williams, a security ex- that a data analytics firm years. troubling.”q
