Facebook has made public that a serious data breach, discovered and addressed by its engineers, occurred on September 25. The hack impacted approximately 50m account holders. Affected users have been sent a notification and automatically logged out of their Facebook accounts, meaning that they had to log back in again to regain safe access.
Facebook shares, which had already dipped by about 1.5% before the announcement, extended losses after the disclosure and ended the day down 2.6%. The news is unlikely to improve for the social media giant as, under the newly-introduced General Data Protection Regulation, the European Union could apply a fine that would equate to 4% of Facebook’s annual global revenue for the previous calendar year – an amount that would currently be around €1.63bn.
Chairman, Chief Executive Officer and Founder of Facebook Mark Zuckerberg commented on the hack in a Facebook post saying: “On Tuesday, we discovered that an attacker exploited a technical vulnerability to steal access tokens that would allow them to log into about 50 million people’s accounts on Facebook. We do not yet know whether these accounts were misused but we are continuing to look into this and will update when we learn more.”
He added: “I’m glad we found this and fixed the vulnerability. But it definitely is an issue that this happened in the first place. I think this underscores the attacks that our community and our services face.”
This is the most recent attack in a very turbulent time for Facebook regarding the protection of account holders’ private information and data. Earlier in 2018 the group had to deal with the Cambridge Analytica controversy, when an external company was discovered to have shared personal data acquired without the express permission of users. That breach happened before the introduction of GDPR.
So far Facebook has not identified the hackers, or their location. Guy Rosen, Facebook’s Vice President of product, revealed on Friday that “We (Facebook) haven’t seen that the access tokens were used to access private messages, or posts, or post anything to the accounts. It’s important to say: The attackers could use the account as if they are the account holder. Our investigation is early and it’s hard to determine exactly who was behind this. We may never know.”
US Democratic Senator for Virginia Mark Warner – who is also the Vice Chairman of the Senate Intelligence Committee – made a plea for a “full investigation” into the hacking incident. He commented: “Today’s disclosure is a reminder about the dangers posed when a small number of companies like Facebook or the credit bureau Equifax are able to accumulate so much personal data about individual Americans without adequate security measures. This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users.”