Facebook is putting out serious information in public, and everything has its own consequences. A massive hack last Friday stole access tokens for around 50 million accounts, bypassing all the security measures. The attack potentially gave full profile control along with access to all the apps linked to the account. Around 10% of those accounts from the European Union tweeted directly to the region's privacy authority concerned, the Irish Data Protection Commission. If the EU finds that Facebook didn’t do enough to ensure user security, it could still be fined up to $1.63 billion, which is 4% of its $40.7 billion annual global revenue.
The regulator, in an emailed statement, said that “it is concerned at the fact that this breach was discovered on Tuesday and affects many millions of user accounts but Facebook is unable to clarify the nature of the breach and the risk for users at this point.”
What is the Facebook Breach?
Facebook informed regulators and released a public statement on Friday about a security breach affecting 50 million user accounts.
The sophisticated attackers used three bugs in the video uploading feature, privacy features, and Facebook’s profile to steal 50 million access tokens for Facebook accounts. These tokens can let attackers take over user accounts and use them on different apps, including Instagram, Oculus, and all those sites that use Facebook as a login system.
The question still making the rounds is exactly which data was stolen and what the potential misuses of that data are.
Facebook clarified that it discovered this on Tuesday and, given the 72-hour deadline for announcing hacks, took three days to announce it. This hack can trigger a fine of a minimum of 2% of the company's total global revenue if security measures did not meet expectations.
“We’re working with regulators including the Irish Data Protection Commission to share preliminary data about Friday’s security issue. As we work to confirm the location of those potentially affected, we plan to release further info soon,” the social media giant said in response to the IDPC’s tweet.
The EU’s GDPR laws have always been strict concerning improper security practices. Before journalists and regulators discover something too harsh, like Trump’s campaign strategy, it can be taken as just another Facebook scandal.
Andrew Dyler, a DLA Piper partner, said, “When you talk about a business like Facebook that has huge resources and a large user base, that is inevitably going to be seen as a higher bar. The expectation should be that they are going to be deploying a very significant amount of resources.”
Facebook has been constantly facing heat over its privacy and security since the Cambridge Analytica issue. Another such incident will hardly go down well with users or authorities.
“If you are a company that is processing personal data on a large scale, the level of risk is going to be seen as higher, so the level of security will have to be higher,” said Sarah Pearce, head of the European Data-Privacy and Cybersecurity.
The company is also under fire from GDPR complaints lodged by activists. Privacy activists have been constantly questioning Facebook's terms of data usage. We are all waiting for the final decision. It will be interesting to see whether Facebook is actually concerned about its users or whether it is just another typical business.