On September 28, 2018, Facebook users were surprised to find themselves logged out of their accounts, with some unable to access their accounts for a short time. There was no warning or explanation for it, and users took to Twitter to discover that they were not alone in experiencing this issue. Only after many voiced their concerns did Facebook finally disclose that it had just experienced its largest security breach ever.
According to Facebook’s original statement, an anonymous hacker or group of hackers gained access to almost 50 million accounts. Instead of stealing credit card data or other valuable data similar to the recent Cambridge Analytica scandal, the hackers stole millions of access tokens. These are keys to an account, its private information, and its connected apps and websites. If you signed up on Spotify with your Facebook account, your Spotify account may be compromised — especially if you pay for products such as Spotify Premium with a credit card.
Facebook found that the hackers exploited a gap in the code. If you’re the type who constantly edits their profile, you might have heard of the “View As” feature. If you’re worried about a stranger or someone on your friends list seeing something you wanted hidden from them, you can preview your profile and what it looks like from their account. The hackers found a way to gain access to millions of accounts using new features such as the box that allows you to wish your friends a happy birthday and the latest video uploader.
The only bright side was that out of the reported 50 million hacked accounts, only tens of millions were supposedly hacked; the other 40 million users were logged out by Facebook itself because they recently used the “View As” feature and may have been compromised.
After the breach, very little was said about the attack other than Facebook’s security updates to protect its users’ privacy. Either Facebook doesn’t know factors such as the motive, impact, and people behind it, or it chooses to remain quiet about them. Either way, the hack is another strike against Facebook after the Cambridge Analytica scandal and its inability to detect fake news and Russian propaganda. Since then, there have been a lot of calls from the government and the public to regulate Facebook’s monopoly on data, and one could argue the public’s confidence and trust rating may be a sign of it.
It’s already three weeks after the security breach, and Facebook is still dealing with the consequences of its actions. What it does may also influence the future of social media, digital technology, and data collection. Apart from the possible lawsuits against the company, what steps is it taking to ensure a breach this massive does not happen again?
3 Million European Users
Three weeks after the breach, Ireland’s Data Protection Commission (DPC) found that approximately three million European Facebook users were affected by the security breach, which may cost Facebook millions in fines under the General Data Protection Regulation (GDPR) in the European Union. Under the new privacy law, companies handling the personal data of Europeans must follow strict requirements to keep their data secure. In case of breaches, companies have 72 hours to report the breach to authorities; otherwise, they may be required to pay a fine of up to four percent of their annual global revenue, or around $1.63 billion for Facebook.
This breach marks the first major case of the GDPR, a law that Facebook CEO Mark Zuckerberg said in April was a “positive step for the internet.” However, according to the DPC, Facebook’s notification lacked detail and failed to clarify the nature of the breach. If found guilty of breaking the GDPR, there may be a formal investigation conducted to determine if Facebook really broke any of the GDPR’s stipulations.
The Future of Facebook Security
Following the hack, Facebook has worked with law enforcement and concerned authorities in the United States and Europe to find a solution to their breach. Zuckerberg also promised that there were more steps implemented to strengthen its defenses. Facebook will be doubling its staff focusing on security to 20,000.
The company will also have to appear before Congress to report on the breach. It’s not the first time Zuckerberg has appeared before them, but the result could affect the way Facebook and social media protect users’ privacy.
As for social media users, however, Facebook has taken steps to assure people that it is handling the situation. Facebook took steps to inform those who were affected by the breach. Apart from informing users of the updates, Facebook recommended users change their passwords, restrict permissions, and monitor apps and websites connected to their account. Naturally, this breach will affect users’ trust and how much information they share on Facebook, with some people even urging others to deactivate their account (though in an era of digital technology and Facebook’s monopoly on social media and data, this may be difficult if you want to stay connected with everyone else).
But this breach is an example of what could happen with just one tiny mistake. Before this, have you ever considered the box where Facebook encourages you to write your friends a birthday greeting a security threat? Thanks to a mistake in the code, it’s what the hackers exploited in a “View As” feature to get in. According to Rohit Chopra, a commissioner of the Federal Trade Commission, this attack may open the doors for bigger risks that could affect the economy and national security.
Can Facebook Really Protect Our Data?
Despite its promises and security updates, are the engineers and experts at Facebook truly equipped to protect its users? According to Alex Stamos, Facebook’s ex-chief security officer, they may be ill-equipped to address global security, user privacy, and information dissemination.
Stamos believes Facebook will have to team up with the politicians in Washington to provide adequate security measures. His new institute, which offers academic research and cybersecurity investigation, will “bridge gaps between various academic factions, Silicon Valley’s ruling class, and Washington.” These three organizations may be able to hold each other accountable, provide better transparency, and protect online users against cybersecurity threats.
That’s not to say that Facebook is leaving the gates open for these threats. Following the hack, Facebook immediately fixed the bug and reported it to law enforcement. Around 90 million users were logged out as a precautionary measure to protect them. Even Stamos said Facebook was making “great strides” to defend its users against threats.
And while there may be another code loophole hackers may exploit in the future, we can bet Facebook will be there to do damage control and protect its users and their data. Until then, Facebook may have to work hand in hand with government agencies and cybersecurity organizations to provide better security. In the meantime, we recommend users be more careful about the personal information they leave on the internet.