This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html

The article has changed 7 times. There is an RSS feed of changes available.

Version 2 Version 3
Facebook Is Breached, Putting 50 Million Users’ Data at Risk Facebook Network Is Breached, Putting 50 Million Users’ Data at Risk
(35 minutes later)
SAN FRANCISCO — Facebook said on Friday that an attack on its computer network had exposed the personal information of nearly 50 million users.SAN FRANCISCO — Facebook said on Friday that an attack on its computer network had exposed the personal information of nearly 50 million users.
The company said it discovered the breach this week, finding that attackers had exploited a feature in Facebook’s code that allowed them to take over user accounts. The company said it fixed the vulnerability and notified law enforcement officials. The company said it discovered the breach this week. The attackers exploited a feature in Facebook’s code that allowed them to take over user accounts. Early Friday, Facebook forced more than 90 million users to log out of their accounts, a common safety measure taken when accounts have been compromised.
“We’re taking it really seriously,” Mark Zuckerberg, the company’s chief executive, said in a conference call with reporters. “We have a major security effort at the company that hardens all of our surfaces.” He added: “I’m glad we found this. But it definitely is an issue that this happened in the first place.” Facebook said it had fixed the vulnerability and notified law enforcement officials.
More than 90 million Facebook users were forced to log out of their accounts early Friday, a common safety measure taken when accounts have been compromised. “We’re taking it really seriously,” Mark Zuckerberg, the company’s chief executive, said in a conference call with reporters. “I’m glad we found this, but it definitely is an issue that this happened in the first place.”
Facebook said it did not know the origin or identity of the attackers, nor had it fully assessed the scope of the attack. The company said it was still in the beginning stages of its investigation. Facebook said it did not know the origin or identity of the attackers, nor had it fully assessed the scope of the attack. Its investigation is still in its beginning stages, it said.
Facebook said the attackers had exploited a bug in the site’s “view as” feature, which allows users to to view their own profiles as if they were someone else. The feature was built to give users move control over their privacy. The attackers exploited two bugs in the site’s “view as” feature, which allows users to view their own profiles as if they were someone else, Facebook said. The feature was built to give users more control over their privacy.
The company said that bug was compounded by one in Facebook’s video-uploading program, a software feature that was introduced last year. The flaw had allowed the attackers to steal so-called access tokens — digital keys that allow access to an account. That was compounded by a flaw in Facebook’s video-uploading program, a software feature that was introduced in July 2017, the company said. The flaw allowed the attackers to steal so-called access tokens — digital keys that allow access to an account.
The attack was discovered as Facebook continues to contend with the aftermath of its role in a widespread Russian disinformation campaign during the 2016 presidential election and from the fallout of the British consulting firm Cambridge Analytica scandal improperly harvesting the personal data of up to 87 million Facebook users. The company also faces the prospect of federal regulation amid questions about whether it has grown too powerful. It is not clear when the attack happened, but it appears to have occurred after the video-uploading program was introduced.
One of the primary challenges for the company has been convincing its users that it can responsibly handle the incredible wealth of data it has access to. More than two billion people use Facebook every month; another two billion use WhatsApp, a Facebook-owned messaging app, and Instagram, the Facebook-owned photo-sharing app. The attack was discovered as Facebook continued to contend with the aftermath of its role in a widespread Russian disinformation campaign during the 2016 presidential election and from the fallout of the Cambridge Analytica scandal, in which a British consulting firm improperly harvested the personal data of up to 87 million Facebook users. The company also faces the prospect of federal regulation amid questions about whether it has grown too powerful.
One of Facebook’s primary challenges has been convincing users that it can responsibly handle the incredible wealth of data it has access to. More than two billion people use Facebook every month; two billion also use WhatsApp, a Facebook-owned messaging app, and Instagram, the Facebook-owned photo-sharing app.
“We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you,” Mr. Zuckerberg said in a statement regarding Cambridge Analytica this year.“We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you,” Mr. Zuckerberg said in a statement regarding Cambridge Analytica this year.
Even before the disclosure on Friday, Facebook was caught up in multiple federal investigations related to its broader data-sharing and privacy practices. The Securities and Exchange Commission has opened an inquiry into the company’s statements about the Cambridge Analytica episode. Even before the disclosure on Friday, Facebook was caught up in multiple federal investigations of its data-sharing and privacy practices. The Securities and Exchange Commission has opened an inquiry into the company’s statements about the Cambridge Analytica episode.
Facebook insists it has instituted strict data-sharing policies with third parties, and has scaled back the amount of data it agrees to share with developers in the future. The company suspended access to more than 400 third-party apps after an audit of the thousands of outside apps connected to Facebook. Facebook insists that it has instituted strict data-sharing policies with third parties, and has scaled back the amount of data it agrees to share with developers. The company suspended access to more than 400 third-party apps after an audit of the thousands of outside apps connected to Facebook.
In the conference call on Friday, Guy Rosen, a vice president of product management at Facebook, declined to say whether the attack could have been coordinated by hackers supported by a nation-state. He said the attack was “complex,” and leveraged three separate bugs in Facebook’s code that, once compounded, provided widespread access to user accounts.
The hackers also tried to harvest people’s private information, including name, sex and hometown, from Facebook’s systems.
Facebook has been reshuffling its security teams since Alex Stamos, the chief security officer, left in August for a teaching position at Stanford University. Instead of acting as a stand-alone unit, security team members work more closely with product teams across the company. The move, the company said, is an effort to embed security across every step of Facebook product development.
Members of Congress immediately seized on the latest breach to criticize Facebook.
“This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users,” Senator Mark Warner, a Democrat from Virginia and one of Facebook’s most vocal critics in Congress, said in a statement. “A full investigation should be swiftly conducted and made public so that we can understand more about what happened.”