Today’s revelation from Facebook’s security blog was that the personal information of 14 million of the initial 50 million accounts hacked this month included their “username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.”
In other words, an identity thief or hacker’s cornucopia.
Facebook VP of Product Management Guy Rosen was the author of the blog post, innocuously titled “An Update on the Security Issue,” which either reflects a rare gift for understatement on Rosen’s part, or summarizes the relative insouciance with which Facebook treats its almost impressive number of data breaches, gaffes, and general violation of customer trust and goodwill. Or both.
The same announcement went on to downgrade the number of users who “actually” (emphasis theirs) had their access tokens stolen to 30 million (although the initial report of affected accounts is still 50 million), and went on to explain how the hack worked. Hackers exploited a security hole through accounts they commandeered to take control of their friends’ accounts, and finally the friends of their friends’ accounts, amounting to 400,000 people in total. From there, they gained access to the name and contact details for roughly half of their targets (roughly 15 million), and wider ranging information from the other half (roughly 14 million).
In a related story, Facebook also rolled out a $200 speaker / digital assistant video device with a built-in smart camera that can automatically track and record you in your own home. What could possibly go wrong?