Senior Facebook executive apologises for data breach affecting 50 million users

Share

In the biggest-ever security breach after Cambridge Analytica scandal, Facebook on Friday admitted hackers broke into almost 50 million users' accounts by stealing their "access tokens" or digital keys.

With Facebook's latest security breach, the senator from Virginia contended that Washington needs to do more to make sure that technology giants holding mass amounts of personal information take every measure possible to keep it safe.

Facebook said it logged out around 90m users as a safety precaution, while around 50m were believed to be affected.

More than 50 million users were affected by the breach that was reported on Friday.

Facebook said it had fixed the vulnerability and also informed law enforcement agencies.

The issue was discovered on Tuesday 25 September by the company's engineering team.

Given the recent attention on Facebook by regulators within the U.S. and overseas, Kargathra said Facebook needed to demonstrate a robust approach to breach management that expressed a focus on the protection of user data and transparency of activities undertaken in response to the incident.

"While this information was supposed to be protected, Facebook, without authorization, exposed that information to third parties through lax and non-existent data safety and security policies and protocols".

Facebook, which has over 200 million users in India, counts the country among those with largest user bases globally.

More news: Graham: GOP senators want 'limited' Federal Bureau of Investigation probe into Kavanaugh
More news: Users Complain About Excessive Skin Smoothing On iPhone XS Selfie Camera
More news: Court Lifts Ban on Women in Prominent Hindu Temple in India

"I won't be putting any information that I don't want people to see social media", Fernandez said.

"In order to bypass Facebook's security controls without raising alarm bells, this attack would have had to be complex, sophisticated, and stealthy".

Facebook revealed Friday that hackers exploited a trio of software flaws to steal "access tokens", the equivalent of digital keys that enable people to automatically log back into the social network.

You can log into your Instagram account or some platforms with your Facebook account.

Hackers could have also gotten into third-party applications linked to Facebook accounts, but it was too early to determine whether that happened, according to the social network.

If you use Facebook to log into other services - like Instagram or Tinder - then Facebook hack attackers may have stolen all of your profile info, photos, private messages and more.

Either way, it will now be harder for the public to believe the company has made progress since CEO Mark Zuckerberg pledged in April US congressional hearings to protect user data above all else and invest more in security. That political consulting firm told Facebook it had deleted the information, but it hadn't. The data transfer also happened several years earlier, and Facebook had scrapped ties with developers that allowed it to happen.

Rosen would not confirm whether the breach was state-backed, but added the hackers "did need a certain level in order for attacker not only get access but to pivot on the access tokens". In other words, Facebook is providing the identity management for countless other sites and services.

Share