Facebook suffers historic data breach

11/10/2018

On September 24th, Facebook engineers discovered what is likely to be the biggest data breach in the company's history, with over 50 million accounts reported to have been compromised.

The attackers accessed users’ profiles by exploiting a bug in Facebook's video uploader and their “View as” feature, which allows you to see what your own profile looks like to other users. The bug the attackers discovered allowed them to see users' access tokens.

Access tokens are digital security keys that allow you to stay logged in to your Facebook account without having to input your password every time. As a precaution, Facebook automatically logged out approximately 90 million users who were at risk of being affected, requiring them to log back in the following day. Even Mark Zuckerberg (CEO) and Sheryl Sandberg (COO) were among those affected by the breach.

The recency of the attack means Facebook are still not fully aware of who the hackers were, where they were from, or what motivated the attack. It remains unclear what information, if any, was stolen and whether they misused the accounts they gained access to. Facebook are still conducting their own internal investigations and will update their news post as they learn more.

This colossal data breach will be the focus of the first major investigation by the Irish and Spanish data protection commissions since the General Data Protection Regulation (GDPR) came into force under EU law. The investigations will look into whether Facebook complied with GDPR by having appropriate security measures in place to protect its users' personal data. If they are found to be in breach of GDPR, they could face an eye-watering fine of up to $1.63bn.

Whilst information is still somewhat limited, the new investigations into Facebook's operations are only going to increase the strength of the public spotlight already on the firm, as well as the scrutiny they come under. Both the outcome of the investigation and how GDPR is enforced on such a large scale will be very interesting to watch as events unfold.
