NPC says Facebook yet to determine how many PH users affected by hack

The National Privacy Commission said in a statement on Saturday, September 29, that it has already communicated with social media giant Facebook regarding the hacking incident that is said to have affected about 50 million accounts.

NPC commissioner Raymund E. Liboro

However, the data privacy agency said Facebook has yet to disclose the number of Filipino users affected by the data breach.

“According to the company’s representatives, the investigation is still in its early stages. They have not determined yet how many Filipinos are affected and whether misuse of personal information had resulted from this breach,” the NPC said.

The agency said it received an informal notice from Facebook representatives at around 12:49 AM on September 28 that they had found a vulnerability in their app that was exploited by malicious attackers.

“The vulnerability was attributed to a combination of several programming errors in updates made in July 2017. As a result, malicious intruders were able to generate access tokens.

“These access tokens allowed the intruders to log into affected FB profiles as if they were the actual profile holders. This means they had the ability to access data reserved for account holders even without having to enter the user’s password,” it said.

As a remediation measure, the NPC said Facebook has terminated the sessions of persons it identified as having been affected and had them enter their login credentials again.

“This morning, the company has notified affected users of the incident. We have informed Facebook, however, that the notification it sent to individuals leaves much to be desired,” the data privacy watchdog said.

The NPC said it has prescribed breach management procedures in place and expects Facebook to abide by these rules. The agency said it will notify the public about developments and its actions on the matter.

“To protect themselves, all Facebook users must enable multi-factor authentication on all platforms, employ strong passwords, and practice good digital hygiene,” it concluded.
