Facebook faces fines from the EU

Facebook CEO Mark Zuckerberg on stage at the 2018 Facebook Developer Conference, F8

writer icon Kristine Hanson     Facebook   |   Tech     🕐 05. Oct. 2018

Last week, on 28th September, Facebook announced that the social media platform had experienced a security breach of unprecedented proportion.

More than 50 million Facebook accounts were hacked after an update to the site exposed a vulnerability to the security of the platform. The update was performed back in July 2017, but Facebook was not aware of the flaw until September 2018.

Total access
The breach enabled hackers to log in to millions of accounts and do everything that a user can do with their own account. The vulnerability was in the “View As” function, where users can see how their profile appears to others. Through “View As”, hackers could obtain unique access tokens belonging to user accounts. They were able to use the tokens to log in. Facebook officials are not able to say just how much the hackers may have accessed.

Third-party apps
Guy Rosen, Vice President of Product Management at Facebook said in a press conference, “the vulnerability was on Facebook, but these access tokens enabled someone to use the account as if they were the account holder themselves. This does mean they could have accessed other third-party apps that were using Facebook login.”

In the same press conference, Facebook CEO Mark Zuckerberg said, “So far, our initial investigation has not shown that these tokens were used to access any private messages or posts or to post anything to these accounts. But this, of course, may change as we learn more."

Valuable data
Facebook has an extremely large and valuable collection of data on its users. Some users connect their bank card details to Facebook in order to make purchases. Other users send sensitive and highly personal information via the messenger service. Facebook could be a target for any and all of these reasons. 

The Irish Data Protection Commission (DPC) has requested further information from Facebook regarding the leaked data.

According to the Wall Street Journal, the DPC want to know which European users are affected by the leak. It could be proven that Facebook has broken the laws of data protection (GDPR). If this turns out to be the case, Facebook may face fines of up to $1.63 billion. 

Facebook has stated that they are working together with law enforcement to get to the bottom of the breach, as well as to ensure the security of the social media platform for its users.

We believe that information should be free and will therefore never put up a paywall.

If you like reading our reports about the Scandinavian business scene and would like to donate towards the upkeep of the site, we would be very grateful. Click here to donate.

Most Popular Articles of November

Most Popular Articles of this Year