October 1, 2018
In its third security breach reported since June, Facebook announced on Friday that hackers had leveraged a security vulnerability in order to attack its computer network and access the personal accounts of about 50 million of its social platform users. In the two other breaches, hackers unblocked individuals that had been previously blocked by Facebook users, and users’ share settings were manipulated without permission. As a result of this latest breach, “the attackers could use the account as if they are the account holder,” according to Guy Rosen, VP product management for Facebook.
“These hackers had access to everything from personal data — name, gender, hometown — to really personal data, like users’ private messages,” reports Recode. “It’s unclear if the hackers took advantage of that access, Facebook execs say.”
According to The New York Times, “software flaws in Facebook’s systems allowed hackers to break into user accounts, including those of the top executives Mark Zuckerberg and Sheryl Sandberg … Once in, the attackers could have gained access to apps like Spotify, Instagram and hundreds of others that give users a way to log into their systems through Facebook.”
These three incidents follow in the wake of the Cambridge Analytica debacle, which involved the personal data of 87 million Facebook users possibly accessed by a research firm without permission.
In a conference call with journalists last week, Facebook CEO Mark Zuckerberg said that, “security is an arms race. We’re continuing to improve our defenses, and I think that this also underscores that there are just constant attacks from people who are trying to take over accounts or steal information from people in our community … but this is going to be an ongoing effort and we’re going to need to keep on focusing on this over time.”
Numerous media outlets have commented that this is not the most satisfying response from a company that has made a number of similar promises this year regarding security of personal data. This latest breach is reportedly the largest in the company’s 14-year history and arrives as Facebook contends with increased scrutiny over fake news and misinformation that may have impacted elections and even resulted in deaths.
“Senior executives have testified several times this year in congressional hearings where some lawmakers suggested that the government will need to step in if the social network is unable to get tighter control of its service,” notes NYT.
“This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users,” said Senator Mark Warner (D-Virginia). “A full investigation should be swiftly conducted and made public so that we can understand more about what happened.”
“Breaches don’t just violate our privacy. They create enormous risks for our economy and national security,” added Rohit Chopra, a commissioner on the Federal Trade Commission. “The cost of inaction is growing, and we need answers.”
Facebook Faces Potential $1.63 Billion Fine in Europe Over Data Breach, The Wall Street Journal, 9/30/18