Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Facebook Revises Data Breach Impact Downward, Provides New Details

    Written by

    Sean Michael Kerner
    Published October 12, 2018
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      With many data breaches, the initial assessment of the impact is less than what the actual total ends up being. The opposite, however, is true with Facebook, which released a revised lower estimate for the number of people involved in its latest data breach.

      On Oct. 12. Facebook said that only 30 million people were impacted by a data breach of its access token system, down from the 50 million the company originally estimated on Sept. 28. As a result of the breach, Facebook had actually reset the access tokens for 90 million users, out of an abundance of caution.

      “We moved extremely fast two weeks ago to understand all of the users that were exposed to the vulnerability and users that may have been affected by this attack,” Guy Rosen, vice president of product management at Facebook, said during a press call on Oct. 12. “We thought that 50 million were affected by this attack, but over the course of investigation in the past two weeks that it was 30 million.”

      Rosen also provided new details on how the attack was executed against three different groupings of Facebook users. The first group was made up of 400,000 seed accounts that attackers were able to steal access tokens from. The attackers moved from account to account using an automated script collecting token repeatedly.

      “This script automatically loaded those account Facebook profiles, essentially mirroring what these 400,000 people would have seen when looking at their own profiles in a web browser,” Rosen said. “That would have included things like post on their timelines and their friends groups.”

      The second group included 15 million Facebook users where the attackers were able to use the access token theft to access users’ information, including name and contact details. The third group included 14 million Facebook users, with attackers getting the same access as they did with the second group, including additional profile details such as gender, relationship status, birthday, recent searches and the last 10 places the person had checked into.

      No Third-Party Apps Impacted

      Facebook had initially warned that third-party apps that made use of Facebook credentials to authenticate users were also at risk. After further investigation, it turns out that no third-party users were breached.

      “We have confirmed that there is no evidence these attackers accessed third-party apps using Facebook login, as well as any developer who uses our official Facebook SDK,” Rosen said.

      Rosen said that any app that regularly checks the validity of the Facebook access tokens they get were automatically protected two weeks ago, when Facebook reset users’ access tokens.

      “Last week out of an additional abundance of caution, we also built a tool to enable developers to manually identify any users of their apps who may have been exposed so that they can conduct their own investigations,” he said.

      Attribution

      Facebook is not publicly providing any attribution on who might be behind the attack or if it is nation-state or politically motivated.

      “We are working on this investigation and cooperating with the FBI, and they’re actively investigating this with us,” Rosen said. “They’ve asked us not to discuss who may be behind this attack and what their intentions could be.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and writer for several leading IT business web sites.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×