Facebook hack affects 30 million user accounts

12 Oct 2018

Facebook revealed it had discovered a security issue affecting millions of accounts on 25 September 2018. The attackers exploited a vulnerability in Facebook’s code that impacted 'View As', a feature that lets users see what their own profile looks like to someone else. As of July 2017, an attacker composing a birthday wish message with video could exploit the 'View As' option of the video uploader to gain access to the profile of the user being looked up, including their login details. The access token was then available in the HTML of the page, where the attackers extracted it and used it to log in as another user.

Facebook reset the access tokens of almost 50 million accounts thought to be affected, and temporarily disabled the 'View As' feature. On 12 October, Facebook announced that hackers actually stole access tokens of about 30 million users, 20 million fewer than previously thought. For 15 million users, attackers accessed name and contact details (phone number, email, or both). For 14 million users, the attackers accessed name and contact details, as well as other details people had on their profiles, including username, gender, religion, birth date, etc. For 1 million users, the attackers did not access any information.

 

Explore the issues

Privacy and data protection are two interrelated Internet governance issues. Data protection is a legal mechanism that ensures privacy. Privacy is usually defined as the right of any citizen to control their own personal information and to decide about it (to disclose information or not). Privacy is a fundamental human right. It is recognised in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and in many other international and regional human rights conventions. The July 2015 appointment of the first UN Special Rapporteur on the Right to Privacy in the Digital Age reflects the rising importance of privacy in global digital policy, and the recognition of the need to address privacy rights issues at the global, as well as national levels.

Cybersecurity is among the main concerns of governments, Internet users, technical and business communities. Cyberthreats and cyberattacks are on the increase, and so is the extent of the financial loss. 

Yet, when the Internet was first invented, security was not a concern for the inventors. In fact, the Internet was originally designed for use by a closed circle of (mainly) academics. Communication among its users was open.

Cybersecurity came into sharper focus with the Internet expansion beyond the circle of the Internet pioneers. The Internet reiterated the old truism that technology can be both enabling and threatening. What can be used to the advantage of society can also be used to its disadvantage.

Cybercrime is crime committed via the Internet and computer systems. One category of cybercrimes consists of those affecting the confidentiality, integrity and availability of data and computer systems; they include: unauthorised access to computer systems, illegal interception of data transmissions, data interference (damaging, deletion, deterioration, alteration or suppression of data), system interf

Intermediaries play a vital role in ensuring Internet functionality. In several Internet governance areas, such as copyright infringement and spam, Internet Service Providers (ISPs) are considered key online intermediaries. In other areas, such as defamation and the so-called right to be forgotten, the responsibility extends to hosts of online content and search engines.

 
