It looks like the latest Facebook hack was caused by spammers trying to make a quick buck
Turns out it wasn’t a foreign nation-state behind the attack.
Facebook has determined scammers are behind the latest hack that exposed personal data for 30 million users. The preliminary findings show the hackers weren’t affiliated with a nation-state and their goals were financial, not ideological, according to a report from The Wall Street Journal.
During its ongoing investigation, the social network found the people behind the attack are a group of scammers that present themselves as a digital marketing company. Facebook said it was working closely with the Federal Bureau of Investigation (FBI) on the probe.
It seems these spammers were using the information to deliver spammy and deceptive ads to users.
On Sept. 28, Facebook announced that hackers had stolen security tokens associated with 50 million user profiles. At the time, the company forced those users and 40 million others to log back into their accounts.
Facebook said hackers exploited the company’s systems through a flaw in the “View As” feature, which allows a user to view their profile as a friend, the public, or another third party. Here is CBS News’ original report on the subject.
By exploiting a vulnerability in the “View As” feature, the hackers were able to obtain user access tokens. These tokens act as digital keys: they let apps and Facebook stay connected, so users don’t have to log into Facebook every time they access the site.
Facebook doubled back on what was stolen
When Facebook began its investigation, it said actual user information probably wasn’t taken, only the token. Unfortunately, that wasn’t correct.
Last week, Facebook admitted 30 million users had their tokens stolen, not 50 million. Unfortunately, 29 million of those had personal information compromised.
Of those, 15 million Facebook users had their name and contact details compromised, while 14 million had that information stolen plus other details found on their profiles.
This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.
Where this goes from here is anyone’s guess. Publicly, Facebook has yet to share details about who was behind the attack, citing its cooperation with the FBI.
“They’re actively investigating this with us and they’ve asked us not to discuss who may be behind this attack or what their intentions could be,” said Facebook’s Guy Rosen.
I think for the average Facebook user, it doesn’t matter who stole information through this hack, just that it happened. Hopefully, the company learns from this and beefs up its security moving forward.
Does the Facebook hack make you less likely to use the service? You know what to do below.