According to the news report by Bloomberg, Facebook Inc. announced earlier this week that it had discovered a data breach that had affected nearly 50 million Facebook accounts. This is the latest in a series of unfortunate events that have undermined investor as well as consumer confidence in the social network platform and its business model.
The company announced on Friday that it had fixed the breach that hackers had made to take control of users’ accounts and that law enforcement authorities as well as regulators, including the Irish Data Protection Commissioner, had been informed about the hack.
The company also stated that the Facebook accounts of the company’s Chief Executive Officer Mark Zuckerberg as well as the chief operating officer Sheryl Sandberg had been hacked in this attack.
After the news broke, Facebook’s shares fell by 2.6% to close the trading week at $164.46 per share. With this drop in share prices, the company’s stocks are down by 6.8% for the year so far.
Due to multiple data breaches, security leaks and the malicious spread of misinformation, Facebook has been forced to deal with hostile Congressional hearings, probes by regulators and anger from its users.
This latest breach has only increased the concern among the public that Facebook is collecting too much personal information about its users and is not protecting that sensitive data properly. The data that Facebook collects is the key to the company’s advertising business, therefore any limits imposed on data collection would negatively impact the social networking company’s earnings.
The top Democrat on the Senate Intelligence Committee, Senator Mark Warner issued a statement that this breach was of great concern. He also called for an investigation into how this could have happened.
Despite Facebook stating that the regulator had been informed about the hack attack, the Irish Data Protection Commissioner said that it had not been provided with enough details.
Apparently, there was a weakness in the code for a Facebook feature called “View As”, which let people see how their accounts appeared to other users. This loophole was used by hackers to steal access tokens. Access tokens are digital keys that allow users to stay logged in to their accounts without having to repeated re-enter their passwords. However, once the hackers got a hold of those access tokens, they were able to take over users’ accounts.
Facebook stated that this weakness stemmed from a change that was made to their video uploading feature in July 2017, which had an impact on the “View As” feature. The attackers not only found this vulnerability to get hold of an access token, but also pivoted from that account to steal other access tokens.
Facebook also admitted that while access tokens were stolen for nearly 50 million Facebook accounts, the company did not know whether any of the users’ personal data had been collected or misused from those accounts. According to Facebook executive Guy Rosen, such an attack required sophistication and resources to find those loopholes.
CEO Mark Zuckerberg, during a conference call with his executives, stated that more needed to be done to ensure that something like this did not occur in the first place.
Earlier this year, Facebook was at the center of a storm when it was found out that the political research company Cambridge Analytica had gained access to over 80 million Facebook users’ data illicitly. This led to a congressional hearing.
This time, however, the consequences of this data breach could be much worse since it involved hackers getting into accounts and having access to information that is not public.