Facebook reportedly shopping for a cybersecurity company

Acquisition would aim to shore up security following the largest hack in the company's history.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read
Facebook Data Security
Jaap Arriens/NurPhoto via Getty Images

Facebook wants its billions of users to know it cares about beefing up security in the wake of a major security breach, and now it appears the social media giant is ready to spend some money on a major cybersecurity acquisition to make it happen.

Facebook has approached several security companies about a possible acquisition, The Information reported Sunday, citing sources described as familiar with the matter. Possible takeover targets weren't identified, but the tech news outlet said a deal could be announced as soon as the end of the year.

Facebook's push to reinforce its security comes less than a month after what the company calls the biggest security breach in its history. The social network originally suspected as many as 50 million user accounts were affected but now believes it compromised the personal information for 29 million users, including phone numbers, email addresses and recent searches.

Facebook has tentatively concluded that spammers masquerading as a digital marketing company were behind the massive security breach, and not hackers working for a nation-state, according to the Wall Street Journal.

Facebook has said it's working with the FBI, which asked it not to discuss who might be behind the attack or whether they were targeting anyone in particular. But it's also said there's no reason to believe the breach was related to the upcoming US midterm elections.

The breach stemmed from a vulnerability in Facebook's "view as" feature, which lets people see what their profiles look like to other people. Attackers exploited code associated with the feature that allowed them to steal "access tokens" that could be used to take over people's accounts. The attackers also used a technique that let them steal access tokens from the friends of the accounts they already controlled, expanding their reach.

A Facebook spokeswoman declined to comment on the report.

Inside Facebook's election war room

See all photos
Watch this: Go inside Facebook's election war room

Cambridge Analytica: Everything you need to know about Facebook's data mining scandal.

iHate: CNET looks at how intolerance is taking over the internet.