Late last week, social network Facebook revealed that it had suffered its biggest ever data breach, which saw the authentication tokens for as many as 90 million users potentially compromised. The badly optimized View As feature code allowed hackers access to login tokens, thanks to a vulnerability.
While the company tried to suggest that it had taken necessary corrective measures by logging users out of their accounts to create new tokens and that the vulnberability has since been patched, users are not impressed. However, it wasn’t hard to see that Facebook was itself at a loss to explain what happened, and how it happened. “Our investigation is still very early, so we don’t yet know exactly the scope of the misuse and how and if accounts were actually misused,” said Guy Rosen, VP of Product Management, Facebook, in a call with the press, a few days ago.
The first impact of the revelation was felt soon after. California resident Carla Echavarrai and Virginia based Derrick Walker have filed a class action suit in US District Court for the Northern District of California, against Facebook. "It is shocking that after all the publicity surrounding Facebook's handling of personal information in the wake of Cambridge Analytica and its promises to do better by its users that Facebook has yet again failed to protect consumers' information from hackers," said their attorney, John Yanchunis, in an official statement.
Now however, things are getting worse for Facebook. Perhaps as expected.
There is action happening closer to home too. As per the reports by PTI, the Government of India has asked Facebook to update them on the impact of the latest breach, on Indian users. No formal notice has been sent by the Ministry of Electronics and Information Technology (MEITY) to Facebook yet. The social network is expected to respond this week. Facebook has over 270 million users in India, its largest share in any country, as per the numbers shared in July 2018 by research firm Statista, with United States (210 million) and Brazil (130 million) in second and third place respectively.
The latest security breach is the largest in Facebook’s history.
The Data Protection Commission (DPC) of Ireland has opened a formal investigation into a data breach of Facebook accounts, and this could result in a fine of up to $1.63 billion—for the fact that the company didn’t comply with the General Data Protection Regulation (GDPR). ““The investigation will examine Facebook’s compliance with its obligation under the General Data Protection Regulation to implement appropriate technical and organisational measures to ensure the security and safeguarding of the personal data it processes,” the Data Protection Commission has said in an official statement. The DPC went on to note that Facebook had already informed them about the ongoing internal investigations and how they continue “to take remedial actions to mitigate the potential risk to users”.
The case could prove to be the first major implementation of the GDPR guidelines. Under the rules that dictate how companies are supposed to safeguard user data, they could be hit with fines as much 4% of their annual global turnover for serious violations. By the same calculations, Facebook could be in line for a fine of as much as $1.6 billion, calculated on the tech giant’s 2017 revenues.
This revelation comes at a time when Facebook is already under scrutiny for the Cambridge Analytica data leaks which impacted 87 million users, the subsequent controversy over the Messenger app logging user calls and message data on Android devices, the allegations that they didn’t do enough to identify and prevent foreign interference in US elections and the inability to clamp down on hate speech on the platform.
Also Read | Facebook Security Breach: Is Your Account Safe and Other Key Questions Answered
Comments
0 comment