The Latest: Facebook blocks AP, Guardian stories about hack

The Latest on Facebook security breach (all times local):

5 p.m.

Facebook briefly blocked people from posting articles by The Associated Press and The Guardian about its security breach, announced Friday, which affected 50 million accounts. When users tried to post the articles, a notice popped up saying the article had triggered a filter for likely spam.

“Our security systems have detected that a lot of people are posting the same content, which could mean that it’s spam,” the notice said. “Please try a different post.”

Similar articles by The New York Times and other outlets were not blocked.

Facebook did not respond to a request for comment.

———

2:15 p.m.

Facebook says it doesn’t know whether hackers had specific targets in exploiting security vulnerabilities to access some 50 million user accounts.

Facebook executive Guy Rosen says the attack seems broad. He says Facebook doesn’t know who’s behind the attacks or where they’re based.

The company says hackers exploited its “View As” feature, which lets people see what their profiles look like to someone else. Rosen says the bug somehow allowed a video uploader to appear for sending happy birthday messages. Another bug then created a log-in key that made Facebook think the hacker had legitimately signed in with the account being viewed.

Facebook says the investigation is continuing.

———

2 p.m.

One security expert says the hacking attack on Facebook is serious — but only Facebook knows how serious.

Jake Williams, the president of Rendition Infosec, says the log-in keys that hackers got on some 50 million user accounts would likely allow hackers to view private information and post on other people’s behalf. He says access could also extend to other Facebook apps, such as Messenger.

He says the bigger concern is whether this could affect third-party applications since so many people let other sites log them in with their Facebook credentials.

But he says the log-in keys, called access tokens, wouldn’t let hackers get the users’ actual passwords. Facebook is saying there’s no need for users to reset passwords.

Facebook disclosed the breach Friday.

———

1:50 p.m.

Facebook is saying the security breach affecting 50 million user accounts required some sophistication.

Facebook executive Guy Rosen says hackers exploited three distinct bugs to access the accounts. He says hackers needed to not only steal log-in keys but know how to use them.

Facebook says hackers got those keys, called access tokens, through Facebook’s “View As” feature, which lets people see what their profiles look like to someone else. These tokens keep people logged in so they don’t have to re-enter passwords each time.

The company says it started investigating when it noticed increased user access to the service nearly two weeks ago. Facebook says the FBI has been notified in the U.S., as have Irish data protection officials for the European Union.

———

1:25 p.m.

Facebook CEO Mark Zuckerberg says the company doesn’t know yet whether hackers who had exploited a security vulnerability have misused any of the user account information.

He says there’s no evidence yet that hackers used the vulnerability to see other people’s private messages or posts or to post on those accounts. But Facebook says the investigation is continuing.

Facebook says it recently discovered a security breach affecting nearly 50 million user accounts.

In a blog post, the company says hackers exploited its “View As” feature, which lets people see what their profiles look like to someone else. Facebook says it has taken steps to fix the security problem and alerted law enforcement.

———

1:10 p.m.

Facebook says it recently discovered a security breach affecting nearly 50 million user accounts.

In a blog post, the company says hackers exploited its “View As” feature, which lets people see what their profiles look like to someone else. Facebook says it has taken steps to fix the security problem and alerted law enforcement.

To deal with the issue, Facebook reset some logins, so 90 million people have been logged out and will have to log in again. That includes anyone who has been subject to a “View As” lookup in the past year.

Facebook says it doesn’t know who’s behind the attacks or where they’re based.

The hack is the latest security headache for Facebook, which has been dealing with political disinformation campaigns from Russia and elsewhere since 2016.

Be the first to comment

Leave a Reply

Your email address will not be published.


*