Facebook: Hackers also captured sensitive information

The hacking attack on the Facebook social network, which became known about two weeks ago, has stolen sensitive data from millions of users. This was announced by Facebook after a detailed investigation. According to him, out of 14 million profiles, the youngest ten places where users had registered or were tagged in pictures had been stolen. Some of their 15 recent searches on the platform were also covered by the unknown.

For 15 million users, only the name and contact information such as e-mail had been stolen. For one million of the users concerned, no data was taken from the profiles. This would have affected a total of about 30 million profiles instead of the estimated 50 million. Facebook has a total of more than 2.2 billion active members, including EU citizens are affected by the hack.

Facebook announced two weeks ago that unknown attackers had gained access to dozens of millions of user profiles by stealing digital keys. With the so-called tokens they could access the profiles as if they were their own.

Also recorded workplace and religion

Among the 14 million more affected users, information such as the websites, people, or Facebook pages they follow, as well as their place of birth, relationship status, religion, and workplace were also taken. The company affirmed that the hacker attack did not affect payment information or data from its Messenger chat service.

There is still no evidence that the attackers have exploited the possibility of using the stolen digital keys to sign in to other apps for which users used their Facebook login, said product chief Gyu Rosen. At the same time, the group could not rule out that there were other minor attacks while the vulnerability existed. It was created in July 2017 by a combination of three software errors.

Origin of the attack further unknown

The attackers had exploited a vulnerability in the function that allowed members of the social network to view their profile from the perspective of other users. The gap allowed them to capture the long-term key stored on a device. Facebook uses the digital keys so that users do not have to log in each time they use the app.

The investigation revealed, according to Facebook, that the attackers launched the attack from a series of profiles they controlled themselves. In a telephone conference, the company continued to provide information about the possible origin of the attackers. However, product chief Rosen said they are working closely with the US Federal Bureau of Investigation (FBI). The agency asked Facebook to comment on the possible origins. However, Facebook has no indications of a link with US Congressional elections in early November, Rosen said.