Is Facebook about to buy a cyber security firm?

Is Facebook about to buy a cyber security firm?

Sparked by the hack that stole data from 29 million users

Credit: Dreamstime

As the dust settles on news that cyber attackers stole data from 29 million Facebook accounts, the social media giant is rumoured to be the hunt to acquire a cyber security firm.

That's according to The Information, which reported that people familiar with the matter confirmed Facebook's intention to acquire, claiming the company has already approached several security providers without revealing who the possible candidates are.

Furthermore, sources said the deal could close as soon as the end of 2018.

"In its current acquisition efforts, the company is most likely to look at software that it could wrap into its own systems, including things like analytics or tools to flag unauthorised access, people familiar with its thinking said," wrote The Information.

"Companies in these categories include Demisto, JASK and Swimlane, each of which are privately held and would likely cost somewhere in the hundreds of millions of dollars."

According to media reports, Facebook could also explore ways to allow users to keep accounts "more secure or add privacy features".

"Some companies in this category include ZeroFOX and SafeGuard Cyber, both of which help assess accounts for risk of attack or prevent attacks," wrote The Information. "ZeroFOX has raised more than $80 million to date and SafeGuard Cyber $14.9 million."

This wouldn't be Facebook's first security acquisition as the company acquired PrivateCore, which develops software to secure server data through server attestation and memory encryption, in 2014.

Earlier in the month it was revealed that group of Facebook and Instagram spammers, that present themselves as a digital marketing company, were behind the attack that stole data from 29 million users.

Facebook had previously published that its engineering team had discovered a security issue affecting almost 50 million accounts, stating that attackers exploited a vulnerability in the company's code that impacted “view as”, a feature that lets people see what their own profile looks like to someone else.

This allowed attackers to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.

Facebook then fixed the vulnerability and reset the access tokens of the almost 50 million accounts it knew to have been affected.

At the time, Facebook also turned off the "view as" function temporarily.

"This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted 'view as'," the company stated at the time.

Tags Facebookacquisition


Show Comments