TECHNOLOGY
Thursday 4 October 2018
What comes next in Facebook’s major data breach

By MATT O’BRIEN and MAE ANDERSON
AP Technology Writers

NEW YORK (AP) — For users, Facebook’s revelation of a data breach that gave attackers access to 50 million accounts raises an important question: What happens next?

For the owners of the affected accounts, and of another 40 million that Facebook considered at risk, the first order of business may be a simple one: sign back into the app. Facebook logged everyone out of all 90 million accounts in order to reset digital keys the hackers had stolen — keys normally used to keep users logged in, but which could also give outsiders full control of the compromised accounts.

Next up is the waiting game, as Facebook continues its investigation and users scan for notifications that their accounts were targeted by the hackers.

What Facebook knows so far is that hackers got access to the 50 million accounts by exploiting three distinct bugs in Facebook’s code that allowed them to steal those digital keys, technically known as “access tokens.” The company says it has fixed the bugs.

Users don’t need to change their Facebook passwords, it said, although security experts say it couldn’t hurt to do so.

Facebook, however, doesn’t know who was behind the attacks or where they’re based. In a call with reporters on Friday, CEO Mark Zuckerberg — whose own account was compromised — said that attackers would have had the ability to view private messages or post on someone’s account, but there’s no sign that they did.

“We do not yet know if any of the accounts were actually misused,” Zuckerberg said.

The hack is the latest setback for Facebook during a tumultuous year of security problems and privacy issues. So far, though, none of these issues have significantly shaken the confidence of the company’s 2 billion global users.

This latest hack involved bugs in Facebook’s “View As” feature, which lets people see how their profiles appear to others. The attackers used that vulnerability to steal access tokens from the accounts of people whose profiles came up in searches using the “View As” feature. The attack then moved along from one user’s Facebook friend to another. Possession of those tokens would allow attackers to control those accounts.

One of the bugs was more than a year old and affected how the “View As” feature interacted with Facebook’s video uploading feature for posting “happy birthday” messages, said Guy Rosen, Facebook’s vice president of product management. But it wasn’t until mid-September that Facebook noticed an uptick in unusual activity, and not until this week that it learned of the attack, Rosen said.

“We haven’t yet been able to determine if there was specific targeting” of particular accounts, Rosen said in a call with reporters. “It does seem broad. And we don’t yet know who was behind these attacks and where they might be based.”

Neither passwords nor credit card data was stolen, Rosen said. He said the company has alerted the FBI and regulators in the United States and Europe.

Jake Williams, a security expert at Rendition Infosec, said he is concerned that the hack could have affected third party applications.

Williams noted that the company’s “Facebook Login” feature lets users log into other apps and websites with their Facebook credentials. “These access tokens that were stolen show when a user is logged into Facebook and that may be enough to access a user’s account on a third party site,” he said.

Facebook confirmed late Friday that third party apps, including its own Instagram app, could have been affected.

“The vulnerability was on Facebook, but these access tokens enabled someone to use the account as if they were the account-holder themselves,” Rosen said.

News broke early this year that a data analytics firm once employed by the Trump campaign, Cambridge Analytica, had improperly gained access to personal data from millions of user profiles.

In this May 1, 2018, file photo, Facebook CEO Mark Zuckerberg makes the keynote speech at F8, Facebook’s developer conference in San Jose, Calif.
Associated Press

Child experts file FTC complaint against Facebook kids’ app

By BARBARA ORTUTAY
AP Technology Writer

NEW YORK (AP) — Children’s and public health advocacy groups say Facebook’s kid-centric messaging app violates federal law by collecting kids’ personal information without getting verifiable consent from their parents.

The Campaign for a Commercial-Free Childhood and other groups asked the Federal Trade Commission on Wednesday to investigate Facebook’s Messenger Kids for violating the Children’s Online Privacy Protection Act, or COPPA.

The complaint says the app does not meet COPPA requirements because it doesn’t try to ensure that the person who sets up the kids’ account and gives consent to have their data collected is the actual parent. In fact, the groups say, someone could set up a brand new, fictional account and immediately approve a kid’s account without proving their age or identity.

Facebook said Wednesday it hasn’t yet reviewed the complaint letter. The company has said it doesn’t show ads on Messenger Kids or collect data for marketing purposes, though it does collect some data it says is necessary to run the service. But the advocacy groups say the privacy policy of Messenger Kids is “incomplete and vague” and allows Facebook to disclose data to third parties and other Facebook services “for broad, undefined business purposes.”

Facebook launched Messenger Kids last December on iOS and has since expanded to Android and Amazon devices and beyond the U.S. to Mexico, Canada and elsewhere.

In this Feb. 16, 2018, file photo, Facebook’s Messenger Kids app is displayed on an iPhone in New York.
Associated Press