Facebook discloses security breach affecting 50 million users

The social media company said hackers have stolen the digital login codes of 50 million users which gives them access to the user’s private data.

Background

Facebook, a social media and social networking site, was launched by Mark Zuckerberg in 2004 along with some of his Harvard roommates. Almost instantly the site was a hit among its users and grew exponentially across the world. As of August 2018, Facebook has more than two billion monthly users.

Facebook’s large user base has prompted them to expand operations and facilities across the world. South Asia’s young and technology-savvy population has encouraged Silicon Valley tech giants like Google and Facebook to invest in the region.

The recent scandal with Cambridge Analytica has unveiled Facebook’s unethical practices of user data storage outside of the host country. Their expansion into Singapore will be a way to mend their tarnished reputation as the world’s largest social media platform.

Facebook has been targeted by cybercriminals in the past to access sensitive information of their users. These may include email addresses, passwords, postal addresses, phone numbers and personal pictures. With the developments of facial recognition technology, criminals could steal data on an individual’s appearance and perform identity thefts on a large scale.

Analysis

Facebook said on Friday (Sept 28) that hackers stole digital login codes allowing them to take over up to 50 million user accounts in its worst breach ever, given the unprecedented level of potential access, adding to what has already been a difficult year for the company's reputation.

Facebook, which has more than 2.2 billion monthly active users, said it has been unable to determine yet whether the attacker misused any of the accounts or stole private information. It also has yet to identify the attacker's location or whether specific victims had been targeted.

Chief executive officer Mark Zuckerberg described the incident as a "really serious security issue" in a conference call with reporters. Shares in Facebook fell 3% in afternoon trading, weighing on major Wall Street stock indexes.

Facebook made headlines earlier this year after a limited amount of data from 87 million users was improperly accessed by Cambridge Analytica, a political consultancy. The disclosure has prompted government inquiries into the company's privacy practices across the world and fueled a "#deleteFacebook" social movement among consumers.

US lawmakers said on Friday that the hack may boost calls for data privacy legislation. Federal Trade Commission Commissioner Rohit Chopra on Twitter said "I want answers" with a link to a Reuters story on the breach.

Facebook's latest vulnerability had existed since July 2017, but the company first identified it on Tuesday after spotting an unusual increase in the use of its "view as" privacy feature on Sept 16.

"View as" allows users to see what their own profile looks like to someone else, enabling them to verify their privacy settings. The flaw inadvertently put the wrong digital code, similar to a browser cookie, on the devices of people using “view as".

That code could allow the person using "view as" to post and browse from someone else's Facebook account, potentially exposing private messages, photos and posts. Guy Rosen, the Facebook vice-president overseeing security, said the flaw was "complex" in that it resulted from three failings.

Assessment

Our assessment is that this data breach is the latest in a series of cyber-attacks on Facebook, which is aimed at reducing the company’s credibility. Facebook has always had privacy issues and hackers targeted users as a way of reducing public confidence in Mark Zuckerberg’s company. We believe that Facebook’s latest patch to fix this problem will be sufficient to defend the platform from similar attacks in the near future. However, we also feel that hackers will now target other vulnerabilities on the website.