Facebook’s major breach is the work of spammers who had been keeping close tabs on the tech company for a while, the Wall Street Journal concluded. Fox-IT’s Chief Research Officer Erik de Jong told BNR News Radio that it is unclear exactly who was involved.
The hackers created a fake Facebook profile, pretending to be an online marketing agency, and stole email addresses, search queries and location data, among other data. “The added value of personal data, including email addresses, is that you know that it works. The intruders who stole data from Facebook can assume that details like location, search queries and email addresses are correct,” De Jong says.
Fox-IT: “Possible abuse of APIs”
The Facebook breach was achieved through an API, which is how developers access the platform. According to De Jong, it is possible that the hack comes from an organisation that has access to an API. “There are many parties who can use an API to get direct access to data that they can run analysis on. That makes it very possible that one of them abused the API.”