Security Failure at Facebook - What we Know

AFP - The security breach revealed on September 28 by Facebook affected tens of millions of accounts at the social network, which boasts more than 2.2 billion monthly users.

On Wednesday, the Irish data authority said it was opening up a formal investigation into whether the world's biggest social network complied with tough new EU privacy regulations.

- What happened?

Hackers took advantage of a "complex interaction" between three software bugs, which required a degree of sophistication.

The vulnerability was created by a change to a video uploading feature in July of 2017.

It involved a flaw in a "See As" feature that showed Facebook what their profiles look like to other people at the social network.

Using the feature generated digital keys, called "access tokens," which let users stay connected to their accounts without having to enter passwords anew.

Hackers were able to steal copies of the digital keys, giving them the same access and control of accounts as their legitimate owners.

On September 16, Facebook noticed a spike in activity that prompted it to investigate.

On September 25, Facebook engineers determined hackers had launched a sophisticated attack exploiting the vulnerability. A fix was in place two days later and stolen tokens rendered useless.

Facebook did not disclose when hackers first took advantage of the flaw, saying the investigation was early.

- What data was leaked?

Information hackers appeared interested in included names, genders, and home towns, but it was not clear for what purposes, the executives said in a telephone briefing.

Facebook said it was still trying to figure out what, if anything, hackers did in violated accounts. It did not seem at the outset...

Continue reading on: