Facebook: Up to 90 million addicts' accounts slurped by hackers, no thanks to crappy code

Found on The Register on Friday, 28 September 2018

Facebook confessed today that buggy code potentially exposed all of its users' accounts to hackers over the past 14 months. It reckons miscreants snooped on at least 50 million people's private profiles, and perhaps as many as 90 million.

In effect, any Facebook user account was wide open to being hacked, although the Silicon Valley goliath estimated that "only" 50 million accounts were, in the words of a spokesperson, "directly affected." A further 40 million had their accounts "looked up."

Facebook spotted the hole after it noted a suspicious "spike" in user activity on Tuesday. The attack was "fairly large scale," it admitted, and when it investigated the cause, it discovered hackers were using the site's API to automate the process of grabbing users' profile information.

So, harvesting the data was not noticed as long as attackers kept the volume low. The next bug will be exploited at a slower rate, just as spammers no longer try to push millions of spam messages through a hacked account, but keep outgoing mail at a low rate to avoid detection and use the hacked account for a longer time.
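The detection gap described above, as an added example that is not from the article or from Facebook's systems: a per-minute rate threshold flags only the burst, while counting distinct profiles touched per client over a day also flags the low-rate harvester. The client names, event layout and thresholds are constructed assumptions.

```python
from collections import defaultdict

def build_events():
    """Constructed API access log: (minute, client_id, profile_id)."""
    events = []
    # "burst": 300 profile lookups inside a single minute.
    events += [(5, "burst", f"b{i}") for i in range(300)]
    for m in range(1440):  # one day, minute by minute
        # "slow": two previously unseen profiles per minute, all day.
        events += [(m, "slow", f"s{2 * m}"), (m, "slow", f"s{2 * m + 1}")]
        # "normal": one lookup per minute, cycling through 20 profiles.
        events.append((m, "normal", f"n{m % 20}"))
    return events

def spike_alerts(events, per_minute_limit=100):
    """Clients whose request count in any one minute exceeds the limit."""
    counts = defaultdict(int)
    for minute, client, _profile in events:
        counts[(client, minute)] += 1
    return {client for (client, _), n in counts.items() if n > per_minute_limit}

def breadth_alerts(events, window_minutes=1440, distinct_limit=500):
    """Clients that touched more distinct profiles than the limit in a window."""
    seen = defaultdict(set)
    for minute, client, profile in events:
        seen[(client, minute // window_minutes)].add(profile)
    return {client for (client, _), s in seen.items() if len(s) > distinct_limit}

if __name__ == "__main__":
    ev = build_events()
    print("rate threshold:   ", sorted(spike_alerts(ev)))
    print("breadth threshold:", sorted(breadth_alerts(ev)))
```

The exact sets used here grow with traffic; they keep the example readable and are not a sizing recommendation.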