Oct 12, 2018

Facebook says personal information swept up by hackers in breach

Facebook CEO Mark Zuckerberg. Photo: Christophe Morin/IP3/Getty Images

Facebook confirmed for the first time Friday that hackers who stole the keys to millions of accounts used some of them to access a wide variety of personal information about users.

Why it matters: The breach is under investigation in Ireland, and there have been calls for a similar investigation in the United States. It affected 30 million people — though that's a lower number than Facebook initially believed.

Details:

  • Hackers accessed names and listed contact information for 14 million people as well "as other details people had on their profiles," Facebook's Guy Rosen wrote in a blog post.
  • "This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches," he said.
  • He said that for an additional 15 million people, the hackers accused just their name and listed content information.
  • One million people were implicated in the hack, but saw no data accessed.
  • "Based on our investigation, the attackers did not post anything on peoples’ profiles," Rosen told reporters Friday.

But the 30 million people who saw their account keys stolen was a lower number than the 50 million initially announced, Rosen said. International data privacy laws require firms to quickly report breaches, well before investigations are complete — potentially forcing firms to overestimate damage.

The hackers started with a core group of accounts and used an automated technique to steal access tokens from 400,000 of those accounts' friends.

  • In the process, they were sent the information those 400,000 people would see when looking at their profiles — including posts, the names of groups they were in, and the names on recent messenger conversations (though the messages were not normally available).
  • But if a user was a page administrator, messages they received would be visible.
  • The hackers used some of those 400,000 accounts to move to the 30 million accounts now being reported.

Concerned Facebook users can see if they were affected by visiting the service's help center.

What's next: Authorities in the United States and abroad, including the Federal Bureau of Investigation, continue to look into the breach.

  • "As we look for other ways the people behind this attack used Facebook, as well as the possibility of smaller-scale attacks, we’ll continue to cooperate with the FBI, the US Federal Trade Commission, Irish Data Protection Commission, and other authorities," Rosen said.

This post has been updated with details from a telephone briefing by Rosen and more information from the blog post.

Go deeper

Trump to end Hong Kong’s special trade status

President Trump. Photo: Win McNamee/Getty Images

President Trump announced on Friday that the U.S. would be fundamentally changing longstanding policies toward Hong Kong as a result of Chinese encroachment on the city's autonomy.

Why it matters: Trump said he would be effectively ending the special trade status that has allowed Hong Kong to flourish as a gateway to the Chinese market. That leaves an uncertain future for businesses that operate in Hong Kong, not to mention the city's 7 million residents, and could be met with reprisals from Beijing.

Updated 1 hour ago - Politics & Policy

Police officer in George Floyd killing charged with third-degree murder

A protester with a sign with George Floyd's last words. Photo: Stephen Maturen/Getty Images

Derek Chauvin, the Minneapolis police officer involved in the killing of George Floyd, was charged Friday with third-degree murder and manslaughter, according to Hennepin County Attorney Mike Freeman.

The state of play: Freeman said that the delay in Chauvin's arrest, which came four days after Floyd's death on Monday, was due to the need to collect sufficient evidence — and that it was "by far the fastest" his office had charged a police officer. He added that he also anticipated charges against the other three officers involved in Floyd's arrest and death, but refused to elaborate.

Updated 1 hour ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 3 p.m. ET: 5,871,347 — Total deaths: 362,554 — Total recoveries — 2,463,332Map.
  2. U.S.: Total confirmed cases as of 3 p.m. ET: 1,731,035 — Total deaths: 102,201 — Total recoveries: 399,991 — Total tested: 15,646,041Map.
  3. 2020: North Carolina asks RNC if convention will honor Trump's wish for no masks or social distancing.
  4. Supreme Court: Senators Grassley, Leahy urge Supreme Court to continue live streams post-pandemic.
  5. Public health: Hydroxychloroquine prescription fills exploded in March —How the U.S. might distribute a vaccine.
  6. Business: Fed chair Powell says coronavirus is "great increaser" of income inequality.
  7. 🚀 Space: How to virtually watch SpaceX's first crewed launch Saturday.