“The attack, detected in late September, exposed some users’ emails and phone numbers, as well as profile information including gender, location, birth date, and recent search history,” Mac reports. “The attack involved the capturing of Facebook “access tokens,” or digital keys that allow websites to recognize who someone is and keep them logged in. Using accounts they already controlled, the attackers used an “automated technique” to exploit Facebook’s ‘View As’ functionality and steal access tokens for some 400,000 people. Hackers than used friend lists from a portion of those 400,000 affected accounts to obtain access tokens for another 30 million people. ”
Mac reports, “‘For 15 million people, attackers accessed two sets of information – name and contact details (phone number, email, or both, depending on what people had on their profiles),’ the company said in its release. ‘For 14 million people, the attackers accessed the same two sets of information, as well as other details people had on their profiles. This included username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.'”
Much more in the full article here.
MacDailyNews Take: Faceplant.
As we’ve written previously, “If you trust Mark Zuckerberg to be the keeper of your photos, contacts, political views, religious beliefs, etc., you’re batshit insane.”
Instant messages sent by Mark Zuckerberg during Facebook’s early days, reported by Business Insider, May 13, 2010:
Zuckerberg: Yeah so if you ever need info about anyone at Harvard
Zuckerberg: Just ask
Zuckerberg: I have over 4,000 emails, pictures, addresses, SNS
[Redacted Friend’s Name]: What? How’d you manage that one?
Zuckerberg: People just submitted it.
Zuckerberg: I don’t know why.
Zuckerberg: They “trust me”
Zuckerberg: Dumb fucks
We use FaceBook as an RSS feed. Our CMS automatically reposts our article headlines and links them back to our website. That is our only interaction with Facebook and has been our only interaction with Facebook for years. We deleted our personal accounts [which we opened only so we could understand the Facebook phenomenon] many years ago.
If you want to share photos and videos with friends, text them using Apple’s end-to-end encrypted iMessage service. You need to control your social networking, not cede it to a gatekeeper like Facebook. – MacDailyNews, March 19, 2018
Facebook discovers security breach affecting 50 million users – September 28, 2018
Facebook is giving advertisers access to users’ shadow contact information – September 27, 2018
42% of U.S. users have ‘taken a break’ from Facebook; 28% have deleted the Facebook app in the past year – September 5, 2018
Mark Zuckerberg loses $16 billion in record Facebook fall – July 26, 2018
Facebook stock plunges as users vanish – July 25, 2018
Apple highlights user privacy as Facebook exec steps down – June 14, 2018
The 18 things you may not realize Facebook knows about you: Firm reveals the extent of its spying in a 454-page document to U.S. Congress – June 12, 2018
Facebook confirms sharing users’ personal data with Chinese companies – June 6, 2018
Apple’s macOS Mojave removes integration with third-party internet accounts like Facebook – June 6, 2018
Apple borks Facebook’s pervasive personal data-harvesting operation – June 5, 2018
Apple requested ‘zero’ personal data in deals with Facebook – CEO Tim Cook – June 5, 2018
Facebook CEO blasts Apple’s latest privacy protections as ‘cute virtue signaling’ – June 5, 2018
[Thanks to MacDailyNews readers too numerous to mention individually for the heads up.]