Facebook announced that the personal entry keys of almost 50 million of its users had been compromised by hackers, who were able to exploit a feature in the platform’s code to gain access to accounts and potentially take control of them.
The New York Times reported, however, that the hack could have much wider repercussions than those for Facebook alone, because of Facebook Connect, introduced to the platform in 2008, which allows users to log into multiple other sites using their Facebook login details.
Thousands of sites signed up to the Facebook Connect tool, ranging from small-time publishers to online giants, such as Airbnb, Uber and the dating app Tinder. So far, no breaches by third parties have been reported.
This latest controversy to hit Facebook has already sparked renewed calls in the US for stricter laws to control big tech companies. And in Europe, where the tough General Data Protection Regulation became law in May, an investigation into the Facebook breach is being prepared.
“GDPR was designed to address the big tech giants, who are enormous, have huge resources and do very complicated things with personal data,” James Castro-Edwards, the head of the data-protection practice at the London law firm Wedlake Bell, told the Times.
“This is the sort of battle that GDPR was drafted to be used in.”
Facebook is still reeling from last year’s revelations that UK analytics firm Cambridge Analytica had access to the private data of as many as 87 million users, and there are continuing concerns that “fake news” spread via Facebook has influenced elections.
The latest breach appears to be the result of a cyber-attack rather than any negligence, so any fines will take this into account, according to Rachel Aldighieri, MD of the Data and Marketing Association (DMA).
“However, fines are just one of the risks to organizations like Facebook,” she added. “We believe the long-term effects on customer trust, share price and public perception could have more lasting damage.”
Facebook says it has now fixed the security breach and reset access tokens for the 50 million accounts that had been compromised, plus another 40 million thought to be vulnerable.
Sourced from The New York Times, Information Security Buzz; additional content by WARC staff