By Elton Gomes
Facebook, on Friday, said that hackers stole digital login codes that gave them access to nearly 50 million user accounts. The company said that this is its worst ever security breach considering the unprecedented level of potential access.
Facebook said that it has fixed the security loophole and alerted law enforcement authorities, but it remains unaware of the origin or identity of the hackers, as well as the full extent of the attack.
Approximately 90 million users were logged out of their accounts early Friday – this is a common safety feature that’s taken when accounts’ safety is compromised. Facebook also confirmed that third-party sites that the affected users logged into with their Facebook accounts could also be affected.
The unprecedented data breach comes at a time when Facebook has not fully recovered from the Cambridge Analytica data scandal. The social media company continues to face scrutiny after it has been alleged that Facebook affected the 2016 US presidential elections and fermented violence in Sri Lanka.
How is the breach different from Cambridge Analytica
Two people familiar with the investigation spoke to the New York Times on the condition of anonymity. They said that three software flaws in Facebook’s systems allowed the hackers to break into user accounts, including those of Mark Zuckerberg and Sheryl Sandberg. Once the attackers were inside users’ profiles, they were able to access apps like Spotify, Instagram, and many others that give users a way to log into their systems through Facebook.
The Cambridge Analytica scandal saw a third-party company erroneously gain access to data that was siphoned off by a then-legitimate quiz app. However, the current breach allowed attackers to directly take over accounts.
Facebook has said that the bugs that enabled the attack have been patched. The company said that attackers were able to see everything in a victim’s profile. However, it remains unclear whether the attackers were able to view private messages or if any data was misused.
Facebook CEO Mark Zuckerberg told reporters that the company is dealing with the issue very seriously. “We’re taking it really seriously,” Zuckerberg said, adding “We have a major security effort at the company that hardens all of our surfaces. I’m glad we found this. But it definitely is an issue that this happened in the first place,” as per a report in the Telegraph.
Law enforcement begins probe
Facebook’s vice-president of product management, Guy Rosen, told the media that the company has notified law enforcement. Rosen said that Facebook was working with the FBI, but he did not say whether national security agencies were involved in the investigation. “The investigation is early, and it’s hard to discover who is behind this,” Rosen said. “We may never know,” the Guardian reported.
Rosen did not provide any details about the affected users and their location. He simply said that the attack seemed “broad” and that investigators had not yet determined who the perpetrators were.
Facebook notified the Irish Data Protection Commission (DPC) about the breach. In its response, the Irish DPC tweeted: “At present Facebook is unable to clarify the nature of the breach & risk to users. We are pressing Facebook to urgently clarify these matters.”
How does this affect Facebook?
After reports of the breach emerged, US regulators and lawmakers urged Congress to step up its action in probing Facebook.
“Breaches don’t just violate our privacy. They create enormous risks for our economy and national security,” Rohit Chopra, a commissioner of the Federal Trade Commission, said in a statement. “The cost of inaction is growing, and we need answers,” the New York Times reported.
The recent breach was a reminder that Facebook is finding it extremely difficult to fully secure a system with more than 2.2 billion users all over the world and that connects with thousands of third-party services. If Facebook seems to have run out of options to protect user privacy, it could consider regulation as a way out of this mess.
Elton Gomes is a staff writer at Qrius
Stay updated with all the insights.
Navigate news, 1 email day.
Subscribe to Qrius