NPC says over 750k Filipino Facebook users affected by massive data breach

Early this month, there was a security breach in Facebook that was discovered that affected almost 50 million accounts. Facebook accounts of more than 750,000 Filipinos might have been compromised during a recent cyber attack on the world’s largest social network. Facebook revealed that attackers exploited a vulnerability in Facebook’s code that existed between July 2017 and September 2018 which allowed them to steal Facebook access tokens which they could use to take over people’s accounts.

Facebook has then fixed the vulnerability, and on September 29, 2018, informed the Commission about the attack through an e-mail. Facebook has posted an update on October 12, 2018, which provides details on how the attack happened. On October 13, Facebook informed the National Privacy Commission that a total of 755,973 Philippine-based Facebook user accounts may have been compromised that forced Facebook to log out users from their accounts last September 28.

The National Privacy Commission said that an estimate of 387,322 of those accounts may have their basic profile information compromised such as full name, email address, and phone number. Perpetrators may have obtained more sensitive information from the other 361,227 accounts like location, birthday, devices used, and work history, to name a few.

Further information may have been exposed from the remaining 7,424 accounts including posts on their timeline, list of friends, groups they are members of, and the names of recent Messenger conversations.

The NPC believes that there’s the risk of serious harm to Filipino users as there will be an increased likelihood that these users will be targeted for professional “spam” operations and “phishing” attacks. The NPC also slammed Facebook’s letter dated October 13, 2018, saying that “there is no material risk of more extensive harm occurring.”

The NPC has then ordered Facebook to submit a more comprehensive Data Breach Notification Report and inform the data subjects in compliance with the provisions of NPC Circular No. 16-03 – Personal Data Breach Management.

Facebook was also ordered to provide identity theft insurance or credit monitoring service for free to affected Filipino data subjects; or, in the alternative, establish a dedicated helpdesk/help center for Filipino data subjects who may be adversely affected by this incident, to provide assistance in identity restoration and other related matters.

At the time, Facebook reset all the affected accounts, and another 40 million more that have used the View As feature in the last year as a security measure. If you were affected, you will be logged out of Facebook and would be asked to log back in. Just to be sure, it might be a good idea to change your Facebook password as soon as possible.

Post a Comment