Facebook’s engineers identified a serious data breach on September 25 that affected roughly 50 million Facebook users. A breach notification was sent to affected users. At the same time, all user accounts were automatically signed out. Users who wanted to access their accounts had to log in once again.
Facebook shares decreased by 1.5% before the breach was announced and decreased even more, by 2.6%, right after the disclosure. However, matters may worsen for Facebook if the European Union imposes a penalty under the General Data Protection Regulation (GDPR). Facebook could end up paying penalties amounting to 4% of its yearly global income, or roughly €1.63 billion.
Facebook CEO and Founder Mark Zuckerberg explained that an attacker exploited a technical vulnerability and stole access tokens. The tokens could allow an attacker to log into the Facebook accounts of 50 million users. To date, no report has been received regarding possible improper use of the accounts. Facebook resolved the vulnerability, but the incident is a clear indication that there was an issue to begin with.
This incident demonstrates the notably turbulent situation Facebook faces with regard to safeguarding its users’ private data. At the beginning of this year, prior to the launch of GDPR, Facebook had a problem with the Cambridge Analytica affair. A third-party company was found to have shared personal data acquired without the data subjects’ consent.
Facebook mentioned that the attacker exploited three glitches that were introduced into the website’s “View As” function in July 2017. The “View As” function lets users see how their own profile page appears to other Facebook users. The bug was resolved on Thursday night, and notices were sent to law enforcement agencies such as the FBI and to the Irish Data Protection Commission to comply with the GDPR.
Currently, neither the attackers nor their whereabouts have been identified. There has likewise been no report of the attackers using the access tokens to open private messages or publish any information to the user accounts.
Democratic Senator Mark Warner of Virginia, Vice Chairman of the Senate Intelligence Committee, would like to have a “full investigation” of the occurrence. This breach reminds us of the value of adequate security controls when using websites that keep the personal information of every American. Congress needs to do something more to safeguard the privacy and security of social media users.