The North American company, which has ensured that it will send messages to those affected in the coming days, admits that its security breach affected the data of 29 million users and not 50 million as initially stated.
The social network Facebook has reported this Friday that a group of hackers stole data from a total of 29 million users of its platform, not 50 million as initially assured the company two weeks ago.
The cyber delinquents used a computer program was transferred from one profile to another through user contacts and the option to “see how” of their profiles. The company has ensured that it will send messages to those affected in the coming days, with the aim of notifying them of what type of data the hackers have accessed in the massive attack.
The breach in the security of the social network left millions of users exposed to possible frauds on the Internet. Many sectors fear that this type of computer attacks will end up discouraging users of social networks to continue using a service whose privacy, moderation and security practices have been questioned after a series of scandals, according to experts in cybersecurity and financial analysts.
Those responsible for the attack obtained details of profiles such as dates of birth, employers, educational history, religious preference, types of devices used, pages followed, recent searches and location records of 14 million users. For the other 15 million, it was restricted to name and contact details. Facebook has established that the number of users affected has been lower than its original estimate, after reviewing the activity in the accounts that could have been affected.
Option «see as»
The vice president of Facebook, Guy Rosen, has stated that the Federal Bureau of Investigation (FBI) has asked the company to limit the descriptions of the attackers because they have already launched an investigation into what happened. The company has ensured that it was trying to determine if the hackers took actions other than stealing data, such as publishing from the accounts. As they have added, they did not steal personal messages or financial data and did not use their access to the accounts of users of other websites.
The internal investigation, which is still at an “early stage”, has revealed that the attackers exploited a vulnerability in the Facebook web code that affected the “see how”option, which allows users to check the form in that other users see their Facebook profiles. This weakness allowed attackers to steal some access identifiers that they could use to enter user accounts without the need to enter the password. On the other hand, the social network has taken the decision to eliminate the option “see how” while continuing the investigation.