It’s been almost a month since a new security incident from Mark Zuckerberg’s Facebook social network has came to the public’s attention. The company revealed on September 28, that 50 million users had fallen victim to their accounts being exposed, resulting in a 3% fall of its shares in the stock market.
Apparently the company reported the ruling to the authorities on September 25, after detecting it days before (September 16 approximately). The cause for alarm came when the use of the “See how” function within the application was noticeably increasing.
This function allows users to see the appearance of their profile as if it were a third party, in order to make different privacy settings. The analysts realized that the code of this function contained an error, because when used, the information of their accounts was stored in the browsers.
This was the ruling that allowed cybercriminals to access the data of Facebook users. The most serious thing is that this vulnerability existed since July 2017, so it is worth considering if it has been exploited on another occasion.
Faced with this reality, Mark Zuckerberg, during a conference call, accepted that they were dealing with “a really serious problem”.
Guy Rosen, vice president of product of the social network, says that among the information stolen was the victim´s name, email and telephone. Additionally, hackers also accessed the sites visited and favorite pages.
Although initially there were claims of 50 million accounts affected, a few days later the vice president of product management, reduced the figure to 30 million.
This serious incident has forced the company to notify and investigate together with the FBI, the Department of Homeland Security, Congress and the Data Protection Commission in Ireland (European headquarters). This all has contributed to the loss of confidence that is suffering the social network, during this dismal year.
Consequences of Facebook’s security breach:
One of the fears of this type of massive data leak is that it could provoke a wave of cyber attacks, be it phishing or data hijacking (ransomware), it is likely the next attack will be better directed and more effective. As the experts say, it is easier to deceive the user when they know in advance their interests, hobbies and friendships.
The incident has also had political repercussions. Members of the US Congress have reopened the debate on the need for more regulation on data privacy. Democratic Senator, Mark Warner, commented that it is a call for attention and a signal for, “Congress [to] intensify and take measures to protect the privacy and the security of the users of the social networks”.
On the European side, this case could eventually be used as evidence for the new regulation. The GDPR (General Data Protection Regulation) establishes that companies must put the necessary preventive measures to guarantee that the information of their users is protected. Otherwise, they may be fined 20 million euros or 4% of the company’s annual income in the previous year, according to the higher figure.
If these sanctions are applied to Facebook, it could be result in fines up to over 1.5 billion dollars. In the case of Facebook, the 72-hour deadline for communicating the incident was initially met, although the regulatory body has claimed Facebook might have a shortage of the information submitted.
The EU’s investigation will focus on whether there were sufficient preventive measures in place on the part of the social network to guarantee the privacy of its users and the security of its data.
Mark Zuckerberg in the spotlight:
2018 is definitely not a good year for the founder of Facebook. The incidents of Cambridge Analytics and this new data breach have severely affected the image of Mark Zuckerberg and the technological colossus.
The shares of the company have suffered a drop close to 15%, in addition there has been a runaway of managers and the patience of investors has run out. Many people are pointing their finger at Mark Zuckerberg for being responsible.
In a short period of time the following have resigned, Brendan Iribe, co-founder of Oculus, the virtual reality company acquired by Facebook in 2014. The co-founders of Instagram, Kevin Systrom and Mike Krieger. Elliot Schrage, head of communications and public relations. Alex Stamos, security chief and WhatsApp co-founder, Jan Koum.
One of the proposals that have arisen during this crisis, brought to the fore by Trillium Asset Management, a private investment fund of reference in the field of social and community investment (and one of the most notable shareholders of Facebook).
Has asked to divide the position of president to the board of directors and that of CEO, as it happens in many technologies.
The problem is that Zuckerberg is armored, because when he donated 99% of his shares to his foundation, he has also made changes to secure more than 50% of the votes. However, the discomfort of shareholders has repercussions on the price and reputation of the founder of the social network.
We hope to see how the legal investigations of the incident end and how Facebook addresses this reputational crisis. Time will tell if the company is able or not to recover from its wounds and make the necessary changes to remain a reference in the technology industry.