Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Niall Carson/PA Wire/PA Images

Tens of thousands of Irish users' emails and phone numbers were exposed in last year's Facebook hack

Confidential emails from the social networking giant reveal the local fallout of the September attack.

TENS OF THOUSAND of Facebook users in Ireland had private information like their phone numbers and emails exposed in a major hack last year, confidential correspondence from the social networking giant shows.

The total included more than 20,000 users who had both their contact details and other sensitive data like their birth dates and locations accessed by hackers.

The figures were included in an email to the communications minister, Richard Bruton, in the wake of the damaging security breach – which will be a major test case for the Irish Data Protection Commission’s enforcement of strict new EU data protection rules.

Facebook has not publicly shared a breakdown of how many users in Ireland were affected by the hack, which involved attackers stealing ‘access tokens’ for around 30 million accounts worldwide over a two-week period from 14 to 27 September.

The company later disclosed that around 10% of the accounts affected were believed to belong to EU-based users.

However in a message a few weeks after the hack to the minister, Facebook’s head of public policy for Ireland, Niamh Sweeney, revealed further details about the impact of the hack on the company’s local user base.

She disclosed that more than 42,000 users in Ireland had their details compromised in the breach.

The figure included:

  • 416 whose profiles, including lists of recent Messenger conversations, were fully exposed to the hackers;
  • 22,381 whose name and contact details were accessed;
  • 20,448 whose recent searches, locations and birth dates, in addition to their contact details and other personal information, were compromised.

The hackers were unable to read the private messages of those whose profiles were fully exposed, Facebook said, although the attackers would be able to see private messages sent to pages administered by members of that group.

We would be grateful if you could keep the numbers I’ve shard (sic) above confidential as we continue to work on this analysis,” Sweeney wrote in the email, which was obtained by TheJournal.ie.

CA: F8 2019 Facebook Developer Conference Facebook CEO Mark Zuckerberg SIPA USA / PA Images SIPA USA / PA Images / PA Images

A security weakness

Hackers exploited a weakness in Facebook’s code to carry out the attack, stealing tokens – which are normally used to allow people to remain logged into their accounts – that enabled them to effectively take over people’s accounts.

Speaking after Facebook first revealed details of the worldwide breach, CEO Mark Zuckerberg described it as a “really serious security issue”.

The company said it would notify the affected account-holders.

It has not been revealed who was behind the attack or what, if any, use was made of the compromised data.

The Data Protection Commission has since opened three separate statutory inquiries into whether Facebook had breached EU rules governing the handling of data after it was notified of the hack.

The commission, which acts as the defacto European watchdog for many major tech companies’ data practices due to firms like Facebook’s regional bases in Ireland, has the power to levy fines of up to 4% of a company’s yearly revenue under GDPR provisions.

In the case of Facebook, the penalty could potentially stretch to more than €1 billion – although any actual fines are likely to be much less than the maximum figure.

A commission spokeswoman said inquiries into the Facebook hack were “at an advanced stage”. It is currently conducting another five, unrelated investigations into the social network.

Know more about this story? Email the author via peter@thejournal.ie or send a message using the secure Threema app, ID: ESUCBYMK.

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Close
26 Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel

     
    JournalTv
    News in 60 seconds