Facebook has become extraordinarily sensitive and hence susceptible to data breaches, a recuperating Facebook from the Cambridge Analytica injury says attackers accessed contact details of 29 million users — encompassing broad spheres of information from phone numbers and email addresses to more intimate details like check-ins and recent searches. The mass data breach came as a lasting bruise to the largest social network’s authenticity and deep-rooted user trust.
Referencing from the Friday’s statement, the attackers illegally acquired access tokens for 30 million accounts, which allowed them to have a full-fledged access to those profiles from where they extracted basic contact information (name and contact no./email address). More detailed information like hometown, location, birthdates, gender and recent places they checked into were extracted for 14 million accounts.
The rest one million accounts, though affected, but were not subjected to any information extraction.
Responding to the security breach, Facebook pledged to send customized messages to the 30 million users whose accounts fall prey to what they have labeled as a “fairly broad” breach. Reportedly, the breach despite its magnitude has been indifferent enough to spare the third-party apps that were linked to the Facebook accounts of the users as Facebook said no data was accessed from the third-party apps — Whatsapp, Instagram or Messenger.
An ongoing investigation by Facebook implies that the service providers are not ruling out the possibility of less destructive but more oblique attacks that use a similar mechanism. Aside from that, the hackers used an automated program to navigate through accounts and extract the data rapidly, but notably, they didn’t perform any activity while they were logged in.
Facebook’s Vice President of product management, Guy Rosen said in a call with reporters, “We take these incidents really, really seriously,”
Facebook told that the FBI is investigating the hack, but has refused to disclose further details — perpetrators behind the attack, to be precise. Facebook will not disclose the breakdowns of the affected users’ location, said a company executive on a conference call.
A Reddit user’s take on the probable horrors of the breach justifies the concern of the panicked users, apple-hacck writes,
“many people use the same passwords across accounts (my first thought). But in the case of a Facebook data breach, since the personal details were accessed, they can commit identity fraud because they have your face (if you have a profile picture), phone number- cause many people to link their numbers to Facebook, and your name. All of which can be used to convince a bank or other institution that it is you trying to access the account.”
In the wake of the exacerbated concerns, Patrick Moorhead, founder of Moor Insights & Strategy, says, “Facebook should provide all those customers free credit monitoring to make sure the damage is minimized.”
