Slashdot Mirror


The FBI Is Now Investigating Facebook's Security Breach Where Attackers Accessed 30 Million Users' Personal Information (washingtonpost.com)

An online attack that forced Facebook to log out 90 million users last month directly affected 29 million people on the social network [alternative source], the company said Friday as it released new details about the scope of an incident that has regulators and law enforcement on high alert. The company said the FBI is actively investigating the hack, and asked Facebook not to disclose any potential culprits. From a report: Through a series of interrelated bugs in Facebook's programming, unnamed attackers stole the names and contact information of 15 million users, Facebook said. The contact information included a mix of phone numbers and email addresses. An additional 14 million users were affected more deeply, by having additional details taken related to their profiles such as their recent search history, gender, educational background, geolocation data, birth dates, and lists of people and pages they follow. Facebook said last month that it detected the attack when it noticed an uptick in user activity. An investigation soon found that the activity was linked to the theft of security codes that, under normal circumstances, allow Facebook users to navigate away from the site while remaining logged in. The bugs that allowed the attack to occur gave hackers the ability to effectively take over Facebook accounts on a widespread basis, Facebook said when it disclosed the breach. The attackers began with a relatively small number of accounts that they directly controlled, exploiting flaws in the platform's "View As" feature to gain access to other users' profiles.

31 comments

  1. You mean cookies? by Anonymous Coward · · Score: 0

    An investigation soon found that the activity was linked to the theft of security codes that, under normal circumstances, allow Facebook users to navigate away from the site while remaining logged in.

    And, by "security codes", we mean session cookies?

  2. No Facebook in prison for Trump. by Anonymous Coward · · Score: 0

    He will have to content himself with MySpace, until the hangman comes for his orange ass.

  3. Meanwhile at Equifax by Anonymous Coward · · Score: 0

    ... crickets ...

    I guess Facebook didn't make their monthly "donation" to the Trump Foundation.

    1. Re:Meanwhile at Equifax by Anonymous Coward · · Score: 0

      They forget to let Trump jizz all over their face and book.

  4. Facebook needs to be shut down. by WCMI92 · · Score: 1

    As a threat to the safety of Americans.

    --
    Corporatism != Free Market
    1. Re:Facebook needs to be shut down. by Anonymous Coward · · Score: 0

      About the time FB's yellow journalism machine started bragging about their one billion users I knew something like this was going to happen. Something really big. I'd like to say 'told you so' but I'm a polite person. What FB needs is a free market's response to a bad company; it needs to go out of business.

    2. Re:Facebook needs to be shut down. by Anonymous Coward · · Score: 0

      Just transfer control to FBI.

  5. It's time! by Anonymous Coward · · Score: 1

    It's time to just shut down these data mining sites like Fakebook, TWITter, etc...! It's time to make it illegal to collect, buy, sell, or trade people's information, and make it illegal to track people online and in real life! And I mean even for law enforcement agencies and government unless they have a warrant that states specifics, based on CLEAR probable cause!!

    For far too long people's privacy has been violated for the worst possible reason...rampant uncontrolled insane corporate greed!! And law enforcement and government violate people's right to privacy on a daily basis, for the most specious of reasons!! Further, law enforcement, government, and corporations want to take away our right to privacy, and are working to erode that right on a daily basis!!

  6. Shadow accounts ? by Guybrush_T · · Score: 3, Interesting

    Maybe that will be the opportunity to see if shadow accounts actually exist.

  7. Re:Here's a security breach by Anonymous Coward · · Score: 0

    Now that you are all alone on Slashdot, your anal fixation with creimer is getting worse. Have you seen a proctologist?

  8. Why? Facebook's shitty code is their own problem. by Anonymous Coward · · Score: 0

    Maybe Facebook should spend a few of their billions on someone with some security experience?

  9. Doesn't FBI have any real cases? by coderaptor · · Score: 1

    Seems like FBI is chasing ghosts rather than real cases.

    1. Re:Doesn't FBI have any real cases? by Anonymous Coward · · Score: 0

      Actually, this can be a prelude to something bigger. Typically the information for Facebook accounts tends to be reused in other areas.

      Plenty of politicians, CEOs, and businessmen have Facebook accounts, getting around of those credentials can potentially open up other areas for these hackers to get into. Especially since Facebook typically has names and photos tied to the owners to identify them.

      These hackers could easily be just doing this for shits and giggles or they could also just as easily be doing this to get information on a few people or set group or type of people to be used later.

      The potential for this very much SHOULD get the attention of the FBI.

  10. The best possible solution by bobstreo · · Score: 1

    is to hand the investigation and oversight of bookface to the FCC. They fuck up everything they touch. /s

  11. Re:Here's a security breach by Anonymous Coward · · Score: 0

    creimer is nobody. Not sure what the fuss is over someone with ZERO comments.

  12. GAYpk is back by Anonymous Coward · · Score: 0

    Funny that you show up for your shift at the trucker stop glory hole, but avoid showing up for anything else.

  13. I am confused about the Hoopla! by msmonroe · · Score: 0

    People don't seem to know how Facebook makes money. Isn't the information that was stolen normally information that Facebook sells and not considered private? I think it would be more of a big deal if the information was medical or financial. This information was basically information that people gave away for free already to Facebook to make money. Am I missing something here?

  14. So what else is new? by AndyKron · · Score: 1

    Fuck Apple even if this isn't about them just because.

    1. Re:So what else is new? by Anonymous Coward · · Score: 0

      Nice. Really. Owe you a beer.

  15. Blame the users by Locke2005 · · Score: 1

    If you input real names and phone number into Facebook, it's kind of on you when that data gets stolen. That being said, does it now require a working SMS message receiver to create a Facebook account? Hmm... how do I fake that so I don't have to use my actual cell number? Google voice?

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  16. Just stop by Anonymous Coward · · Score: 0

    Time to stop using Facebook everybody.

  17. Impersonating me again? apk by Anonymous Coward · · Score: 0

    See subject & c6gunner it's YOU https://mobile.slashdot.org/co... or "ZIP" https://yro.slashdot.org/comme... whom I annihilated (he really wasted himself).

    * GROW UP... my original post you "bit off of" & probably altered (I didn't bother read yours) https://news.slashdot.org/comm...

    APK

    P.S.=> I pity you - why? You IMPERSONATING me?? Proves you WISH you were me (via your INFERIOR imitation & imitation IS the sincerest form of FLATTERY)... apk

  18. Chickenshit you're projecting again by Anonymous Coward · · Score: 0

    Chickenshit you're projecting your problems onto me again as you hide behind UNIDENTIFIABLE anonymous posts. You're pitiful.

    * Seriously WEAK & pitiful...

    APK

    P.S.=> Grow up weaselboy... apk

    1. Re:Chickenshit you're projecting again by Anonymous Coward · · Score: 0

      Your software is just crap - written in crayon, fictional... I'm going to continue using the Host File Engine as a punchline to a joke by mmell February 17, 2017

      Your premise that hostfiles are a good way to deal with advertising and malvertising is fucking insane - by JazzLad April 20, 2016

      his hosts "program" is actually a broken batch file by xenotransplant August 10 2015

      his hosts tool is actually useful for those cases in which one does indeed want to be a laughingstock while consuming excessive amounts of alcohol by alexgieg September 25 2015

      I like your tinfoil hat by Karmashock September 09 2015

      that APK nut, I can't get him to stop talking about his piece of shit file by rogoshen1 Tuesday March 03, 2015

      I personally use a HOSTS file blocker produced from a genius called APK by 110010001000 October 27 2017

      APK

      P.S.=> When YOU do better than THAT by our /. registered peers, then talk (from behind your FAKE NAME for your FAKE LIE of a "so-called" WASTED life) - ok? apk

  19. If this investigation is anything like Kavanaugh.. by ayesnymous · · Score: 1

    then the FBI will not interview any Facebook employees, and will only interview a few users who will say they never noticed anything suspicious.