Facebook has given new data on the hack in its network that announced two weeks ago. The company has announced that it will send personalized messages to affected users in the next few days to monitor sms, emails or suspicious calls they may receive, as announced by the product vice president, Guy Rosen, at a telephone press conference from the headquarters of the company in Menlo Park (California).
The stolen data can be used by hackers to pose as friends of possible new victims. The attackers removed from the pirated profiles information about name, gender, marital status, religion, birthday, current city, types of devices used to access Facebook, work, the last 10 places from which they entered the social network and their 15 searches most recent That level of specificity gives many options to hackers to try to pass themselves off as affected by other friends and get information, not only on Facebook, but also by email or phone.
FBI executive deputy director Amy Hess said Friday at a rally in Washington, on the sidelines of Facebook’s announcement, that personal data theft is a growing cybercriminal trend: “We see a combined threat: nation-states that are using hackers who have committed crimes to enforce their orders and also actors of criminal organizations whose objective is national security, especially through the theft of personally identifiable information, “he explained. That information, especially for the 14 million Facebook users who have been most affected by the attack.
Rosen has repeated again and again that they can not give details of the geographical origin or the intentions of the hackers because the FBI had specifically asked for it. The vice president of product has admitted that the origin of the victims is “quite broad”, but has not gone further by warning of the US federal authorities. The company is also collaborating with the Irish Data Protection Commission. The loss of user data in the European Union could lead to a fine for the social network.
Facebook is not aware, for now, that the stolen data have been used or shared on the Internet: “We have not seen any evidence that any of this data has been used,” Rosen said.
Facebook has reduced the total number of affected from the initial 50 million to 29. The error is due, according to Rosen, to the “extreme rapidity” with which they gave the initial information.
The 29 million are divided into three groups. A first group of 400,000 users whose accounts hackers “already controlled,” according to Rosen. That should have allowed Facebook and the FBI to narrow down the origin of the attackers. The other two groups are divided almost equally between 15 and 14 million and their only difference is the depth of profile data to which the hackers had access.
The company has insisted that its other brands -Instagram, WhatsApp or Messenger- were not affected. Facebook also has no evidence that the attackers used access to Facebook accounts to enter other applications that can be accessed with the network’s login , such as Spotify or Tinder.
The credit card information has not been compromised, Rosen said, although the last four figures in the case of some users. This type of detail can give plausibility to a phishing message , where a hacker poses as a bank and tries to get someone to give information – basically a password – voluntarily.
Rosen has again apologized for the loss of private data of people who had entrusted them, but has also admitted that it is impossible for the data to be completely safe: “There will always be problems, we try to move faster and faster,” he explained.