Facebook Finds Hack Was Done by Spammers, Not Foreign State
18 October 2018 - 12:16PM
Dow Jones News
By Robert McMillan and Deepa Seetharaman
Facebook Inc. believes that the hackers who gained access to the
private information of 30 million of its users were spammers
looking to make money through deceptive advertising, according to
people familiar with the company's internal investigation.
The preliminary findings suggest that the hackers weren't
affiliated with a nation-state, the people said.
Facebook's security team has been investigating the incident
since Sept. 25, when it discovered that someone was downloading a
large quantity of digital access tokens on the social network.
In several public briefings about the incident, the company has
declined to say who is behind the attack, which it has called the
biggest security breach in its history. When they first announced
the attack, Facebook officials said they may never discover the
identities of the hackers.
Internal researchers now believe that the people behind the
attack are a group of Facebook and Instagram spammers that present
themselves as a digital marketing company, and whose activities
were previously known to Facebook's security team, said the people
familiar with the investigation.
Facebook has previously said it was working closely with the
Federal Bureau of Investigation on a criminal probe into the
incident.
The incident immediately raised questions about the hackers'
motivation, in part because Russian and Iranian operatives have in
the past used social media, including Facebook, to cause mischief
in the U.S. Other countries, including North Korea and China, have
in the past been accused of cyberattacks for various purposes.
The stolen tokens are digital keys that allowed the hackers to
access any part of a user's Facebook account, and would be of great
use to state-sponsored attackers looking to conduct espionage,
according to security researchers.
However, the Facebook internal probe suggests the goal of the
hackers was financial, not ideological, the people said.
The hackers accessed only a limited subset of the data they
could have taken, Facebook said last week. Instead of accessing
personal messages, they accessed contact details -- including phone
numbers and email addresses -- gender, relationship status, and
search and check-in data belonging to 14 million users. For another
15 million users, only names and contacts were accessed; and the
attackers didn't obtain personal information from 1 million people
affected by the breach.
Hackers gained access to the accounts by exploiting a
vulnerability in Facebook's "view as" feature, which lets people
see how their profiles appear to others. Three obscure bugs in
Facebook's code allowed the outsiders to steal the data, making it
a complicated attack to execute.
The incident is one of the latest setbacks for the social-media
giant, which has been under fire for its mishandling of a two-year
Russian influence operation on its platform and failing to protect
user data that was shared with third-party developers years
ago.
On Friday, a Facebook official repeatedly declined to share
details about who was behind the breach, citing Facebook's
cooperation with the FBI. "They're actively investigating this with
us and they've asked us not to discuss who may be behind this
attack or what their intentions could be," said Guy Rosen, a
Facebook vice president who oversees the company's safety and
security efforts.
Write to Robert McMillan at Robert.Mcmillan@wsj.com and Deepa
Seetharaman at Deepa.Seetharaman@wsj.com
(END) Dow Jones Newswires
October 17, 2018 21:01 ET (01:01 GMT)
Copyright (c) 2018 Dow Jones & Company, Inc.