Oct 2, 2018

Facebook, regulators search for answers after big hack

Facebook CEO Mark Zuckerberg. Photo: Aurelien Morissard/IP3/Getty Images

Facebook, third-party apps and regulators are scrambling to figure out key details of a breach that gave hackers access to 50 million accounts — a week after it was first discovered and four days after it was revealed.

The big picture: Observers widely noted that past security failures on this scale have always ended up affecting much larger numbers of users than originally announced. Two major online services that allow users to sign in with Facebook reported no evidence of problems, but investigations are just beginning.

What happened: Hackers stole "access tokens" that gave them the ability to control 50 million accounts. It's not clear whether they used them to get into Facebook or any of the thousands of other services that take Facebook credentials.

What they’re saying:

  • A spokesperson for Tinder said the dating app “has conducted a full forensic investigation and has no evidence to suggest accounts have been accessed based on the limited information Facebook has provided.”
  • “Spotify has not experienced a security breach,” said a spokesperson for the music streaming service, which lets you log in with a Facebook account.
  • Airbnb, another major company that lets users log in with Facebook credentials, did not comment on the potential impact of the breach. Pinterest told CNN it examining the impact on its platform.

Yes, but: Tinder's spokesperson said that "if Facebook would share the affected user lists, it would be very helpful in our investigation."

  • A Facebook spokesperson noted the company had reached out to Tinder. He also pointed Axios to exec Guy Rosen’s comments last week that developers who let users log in with their Facebook accounts would be able to detect whose access tokens had been reset in response to the breach.

Multiple Congressional committees want answers about the breach, with both the House Energy and Commerce Committee and the Senate Commerce committees seeking staff briefings from Facebook, per aides.

  • “We’re looking at it, our staff’s been in contact with them and we’ll determine whether or not it’s something we need to have a hearing about,” said Senate Commerce Committee Chairman John Thune (R-S.D.) on Monday night, adding the breach was “pretty serious.”
  • Democratic staffers on the Senate Intelligence Committee are also interested in the breach and have spoken to Facebook about it, said a Congressional aide.
  • A Facebook spokesperson also said the company had not yet been contacted by the Federal Trade Commission about an investigation. The agency reached a settlement over privacy issues with the social giant in 2012.

The hack has also reverberated in Europe, where regulators have taken a hard line on data protection.

  • “This is really worrying news,” tweeted the European Union’s top data protection official in response to the Irish Data Protection Commission's statement that less than 10% of the 50 million affected accounts were located in the European Union, which could still amount to almost 5 million users.

What’s next: Facebook has promised to provide regulators and the public with more details. “As we work to confirm the location of those potentially affected, we plan to release further info soon,” it said in a tweet.

Go deeper

Coronavirus updates: Market ends worst week since financial crisis

Data: The Center for Systems Science and Engineering at Johns Hopkins, the CDC, and China's Health Ministry. Note: China numbers are for the mainland only and U.S. numbers include repatriated citizens.

The stock market ended its worst week since the financial crisis, prompting the Fed to release a statement. Meanwhile, the WHO warned that countries are losing their chance to contain the novel coronavirus and raised its global risk assessment to "very high" Friday.

The big picture: COVID-19 has killed more than 2,860 people and infected more than 84,000 others in over 60 countries and territories outside the epicenter in mainland China. The number of new cases reported outside China now exceed those inside the country.

Go deeperArrowUpdated 7 hours ago - Health

California coronavirus: Latest case has no recent history of international travel

Gov. Gavin Newsom. Photo: Kevork Djansezian/Getty Images

A new case of the novel coronavirus in California was announced on Friday after Gov. Gavin Newsom said Thursday that 33 people had tested positive for the virus, noting the risk to the public remains low.

What's new: An adult woman with chronic health conditions in Santa Clara County who "did not recently travel overseas" or come into contact with anyone known to be ill was confirmed to have contracted the coronavirus on Friday by CDC and California Department of Public Health officials.

Go deeperArrowUpdated 7 hours ago - Health

Big video game conference delayed amid coronavirus concerns

Photo: GDC

Next month's Game Developers Conference in San Francisco became the latest tech event to be cancelled or postponed amid growing concerns over the spread of the novel coronavirus.

The big picture: A growing number of events are being scrapped, including Mobile World Congress and Facebook's F8 developer conference. Some, like the giant SXSW event in Austin, insist they are moving forward.