Slashdot Mirror


The FBI Is Now Investigating Facebook's Security Breach Where Attackers Accessed 30 Million Users' Personal Information (washingtonpost.com)

An online attack that forced Facebook to log out 90 million users last month directly affected 29 million people on the social network, the company said Friday as it released new details about the scope of an incident that has regulators and law enforcement on high alert. The company said the FBI is actively investigating the hack, and asked Facebook not to disclose any potential culprits. From a report: Through a series of interrelated bugs in Facebook's programming, unnamed attackers stole the names and contact information of 15 million users, Facebook said. The contact information included a mix of phone numbers and email addresses. An additional 14 million users were affected more deeply, by having additional details taken related to their profiles such as their recent search history, gender, educational background, geolocation data, birth dates, and lists of people and pages they follow. Facebook said last month that it detected the attack when it noticed an uptick in user activity. An investigation soon found that the activity was linked to the theft of security codes that, under normal circumstances, allow Facebook users to navigate away from the site while remaining logged in. The bugs that allowed the attack to occur gave hackers the ability to effectively take over Facebook accounts on a widespread basis, Facebook said when it disclosed the breach. The attackers began with a relatively small number of accounts that they directly controlled, exploiting flaws in the platform's "View As" feature to gain access to other users' profiles.

31 comments

  1. I have comments ...apk by Anonymous Coward · · Score: -1

    Man, especially in the USA - don't be afraid to speak YOUR MIND, ever. Especially if/when YOU are the 'labor' you noted behind an effort & can BACK YOURSELF w/ UNDENIABLE facts (especially vs. Social JUST US nonsensical lies that DEFY COMMON-SENSE)...
    Why? You actually CONTRIBUTE to the GENERAL GOOD & have that right & the fact it's YOUR WORK, not anyone else's so they can go take a flying "F", because you are dead-on RIGHT on 1 thing:
    Minus developer's efforts, the Social JUST US losers are zero (less than zero actually - they're ZEROS already). They don't LIKE THAT? Do it yourself then HELPLESS HENRY - see how far you get & how difficult it is doing actual work that takes BRAINS (not just hot blowhard air complaints).
    PUT IT THIS WAY:
    An asshole threatened me here yesterday & has been STALKING ME by UNIDENTIFIABLE anonymous posts for YEARS (as well as IMPERSONATING me to LIBEL me or to TRY "make me look bad").
    I told him STRAIGHT OUT "Name the time & place & we can have this out, face to face/man to man" (though he HIDES behind UNIDENTIFIABLE anonymous posts like the WORM BITCH he is)!
    He said "your place" & started saying "APK is AFRAID to show his home address" - yea? BIG mistake.
    https://mobile.slashdot.org/co...
    I waited for HOURS & no-show from that NO BALLS PUSSY WORM.
    See - I don't try "pretend" to be anything more than a normal guy who has limits to his patience & everyone has limits until the bs of "civility" are reached & you say "FUCK YOU" (especially when constantly STALKED or IMPERSONATED as I have been here for years) - I hit mine last night.
    HOWEVER - when the SHIT HIT THE FAN?
    The little BITCH who's been STALKING &/or IMPERSONATING me CAVED IN & never showed up- showing you their "Character" (lack of it).
    Cocksucker won't even STAND BEHIND HIS WORDS (but I will mine & yes, I would beat the FUCK out of anyone doing what the little CUNT's been doing my way - no problem).
    Again: I don't do what LOSERS & LIARS do in trying to "pretend" to be something I am not - but assholes, do!
    (... & they HIDE while doing it either behind FAKE NAMES online meaning they have something to HIDE or are nobody loser do-nothings imo OR they STALK ME by UNIDENTIFIABLE anonymous posts proving they are WEASELS & PUNKS).
    APK
    P.S.=> I've never believed in TRYING to "fit in" (especially to some political SHITBAG's view/idea of "how it should be") to a crowd based on a line of bullshit OR kowtowing to some ARTIFICIALLY CREATED (by sockpuppetry attempts @ PEER PRESSURE) "group think" crap (especially when it IS crap) hiding who YOU really are & instead being what Charlie Sheen called a "PLASTIC WORM" (loved him during his 'crazy period' because he WAS SO HONEST DURING IT) so, No - I don't GO for that shit because it's PURE BULLSHIT trying to "push you around" via FAKE "peer pressure" for some agenda created by FLAKES & LOSERS - & neither should you (or anyone else)... apk

  2. You mean cookies? by Anonymous Coward · · Score: 0

    An investigation soon found that the activity was linked to the theft of security codes that, under normal circumstances, allow Facebook users to navigate away from the site while remaining logged in.

    And, by "security codes", we mean session cookies?

  3. No Facebook in prison for Trump. by Anonymous Coward · · Score: 0

    He will have to content himself with MySpace, until the hangman comes for his orange ass.

  4. Here's a security breach by Anonymous Coward · · Score: -1

    If creimer plops creimer's fat ass down on your toilet, you better get the plunger ready.

    creimer BEEFS.

    creimer will drop 5 or 6 forearm-sized logs in there with no flushes in between. Rumor has it that on creimer's last government IT job creimer used to shit in the shower and heel it down the drain.

    1. Re:Here's a security breach by Anonymous Coward · · Score: 0

      Now that you are all alone on Slashdot, your anal fixation with creimer is getting worse. Have you seen a proctologist?

    2. Re:Here's a security breach by Anonymous Coward · · Score: -1

      If I am alone, who is creimer? The last proctologist I saw actually had you as a patient, he said he mistakenly opened your skull instead of your ass and didn't notice for half an hour!

    3. Re:Here's a security breach by Anonymous Coward · · Score: 0

      creimer is nobody. Not sure what the fuss is over someone with ZERO comments.

  5. Meanwhile at Equifax by Anonymous Coward · · Score: 0

    ... crickets ...

    I guess Facebook didn't make their monthly "donation" to the Trump Foundation.

    1. Re:Meanwhile at Equifax by Anonymous Coward · · Score: 0

      They forget to let Trump jizz all over their face and book.

  6. Facebook needs to be shut down. by WCMI92 · · Score: 1

    As a threat to the safety of Americans.

    --
    Corporatism != Free Market
    1. Re:Facebook needs to be shut down. by Anonymous Coward · · Score: 0

      About the time FB's yellow journalism machine started bragging about their one billion users I knew something like this was going to happen. Something really big. I'd like to say 'told you so' but I'm a polite person. What FB needs is a free market's response to a bad company; it needs to go out of business.

    2. Re:Facebook needs to be shut down. by Anonymous Coward · · Score: 0

      Just transfer control to FBI.

  7. It's time! by Anonymous Coward · · Score: 1

    It's time to just shut down these data mining sites like Fakebook, TWITter, etc...! It's time to make it illegal to collect, buy, sell, or trade people's information, and make it illegal to track people online and in real life! And I mean even for law enforcement agencies and government unless they have a warrant that states specifics, based on CLEAR probable cause!!

    For far too long people's privacy has been violated for the worst possible reason...rampant uncontrolled insane corporate greed!! And law enforcement and government violate people's right to privacy on a daily basis, for the most specious of reasons!! Further, law enforcement, government, and corporations want to take away our right to privacy, and are working to erode that right on a daily basis!!

  8. Ttaco by Anonymous Coward · · Score: -1
  9. Shadow accounts ? by Guybrush_T · · Score: 3, Interesting

    Maybe that will be the opportunity to see if shadow accounts actually exist.

  10. Why? Facebook shitty code is their own problem. by Anonymous Coward · · Score: 0

    Maybe Facebook should spend a few of their billions on someone with some security experience?

  11. Doesn't FBI have any real cases? by coderaptor · · Score: 1

    Seems like FBI is chasing ghosts rather than real cases.

    1. Re:Doesn't FBI have any real cases? by Anonymous Coward · · Score: 0

      Actually, this can be a prelude to something bigger. Typically the information for Facebook accounts tends to be reused in other areas.

      Plenty of politicians, CEOs, and businessmen have Facebook accounts, getting around of those credentials can potentially open up other areas for these hackers to get into. Especially since Facebook typically has names and photos tied to the owners to identify them.

      These hackers could easily be just doing this for shits and giggles or they could also just as easily be doing this to get information on a few people or set group or type of people to be used later.

      The potential for this very much SHOULD get the attention of the FBI.

  12. Impersonating me again? apk by Anonymous Coward · · Score: -1

    See subject & c6gunner it's YOU https://mobile.slashdot.org/co... or "ZIP" https://yro.slashdot.org/comme... whom I annihilated (he really wasted himself).

    * GROW UP... my original post you "bit off of" & probably altered (I didn't bother read yours) https://news.slashdot.org/comm...

    APK

    P.S.=> I pity you - why? You IMPERSONATING me?? Proves you WISH you were me (via your INFERIOR imitation & imitation IS the sincerest form of FLATTERY)... apk

  13. The best possible solution by bobstreo · · Score: 1

    is to hand the investigation and oversight of bookface to the FCC. They fuck up everything they touch. /s

  14. They Also Investigate by Anonymous Coward · · Score: -1

    Non-criminal events that have no substantial evidence and happened 30+ years ago (well over the statute of limitations) at school parties. I'm just wondering when they will investigate whose dog crapped in my front lawn because unlike following around Mr Luther King and Bret's party mishaps that is actually a crime in my city.

  15. GAYpk is back by Anonymous Coward · · Score: 0

    Funny that you show up for your shift at the trucker stop glory hole, but avoid showing up for anything else.

  16. I am confused about the Hoopla! by msmonroe · · Score: 0

    People don't seem to know how Facebook makes money. Isn't the information that was stolen normally information that Facebook sells and not considered private? I think it would be more of a big deal if the information was medical or financial. This information was basically information that people gave away for free already to Facebook to make money. Am I missing something here?

  17. So what else is new? by AndyKron · · Score: 1

    Fuck Apple even if this isn't about them just because.

    1. Re:So what else is new? by Anonymous Coward · · Score: 0

      Nice. Really. Owe you a beer.

  18. Blame the users by Locke2005 · · Score: 1

    If you input real names and phone number into Facebook, it's kind of on you when that data gets stolen. That being said, does it now require a working SMS message receiver to create a Facebook account? Hmm... how do I fake that so I don't have to use my actual cell number? Google voice?

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  19. Just stop by Anonymous Coward · · Score: 0

    Time to stop using Facebook everybody.

  20. Impersonating me again? apk by Anonymous Coward · · Score: 0

    See subject & c6gunner it's YOU https://mobile.slashdot.org/co... or "ZIP" https://yro.slashdot.org/comme... whom I annihilated (he really wasted himself).

    * GROW UP... my original post you "bit off of" & probably altered (I didn't bother read yours) https://news.slashdot.org/comm...

    APK

    P.S.=> I pity you - why? You IMPERSONATING me?? Proves you WISH you were me (via your INFERIOR imitation & imitation IS the sincerest form of FLATTERY)... apk

  21. Chickenshit you're projecting again by Anonymous Coward · · Score: 0

    Chickenshit you're projecting your problems onto me again as you hide behind UNIDENTIFIABLE anonymous posts. You're pitiful.

    * Seriously WEAK & pitiful...

    APK

    P.S.=> Grow up weaselboy... apk

    1. Re:Chickenshit you're projecting again by Anonymous Coward · · Score: 0

      Your software is just crap - written in crayon, fictional... I'm going to continue using the Host File Engine as a punchline to a joke by mmell February 17, 2017

      Your premise that hostfiles are a good way to deal with advertising and malvertising is fucking insane - by JazzLad April 20, 2016

      his hosts "program" is actually a broken batch file by xenotransplant August 10 2015

      his hosts tool is actually useful for those cases in which one does indeed want to be a laughingstock while consuming excessive amounts of alcohol by alexgieg September 25 2015

      I like your tinfoil hat by Karmashock September 09 2015

      that APK nut, I can't get him to stop talking about his piece of shit file by rogoshen1 Tuesday March 03, 2015

      I personally use a HOSTS file blocker produced from a genius called APK by 110010001000 October 27 2017

      APK

      P.S.=> When YOU do better than THAT by our /. registered peers, then talk (from behind your FAKE NAME for your FAKE LIE of a "so-called" WASTED life) - ok? apk

  22. If this investigation is anything like Kavanaugh.. by ayesnymous · · Score: 1

    then the FBI will not interview any Facebook employees, and will only interview a few users who will say they never noticed anything suspicious.