Facebook Could Face $1.63 Billion Fine Over Latest Hack Under GDPR


Facebook began notifying users of the breach over the weekend, but it did so through a notice posted at the top of news feeds, titled "An Important Security Update", containing the same information sent to reporters.

Facebook says it doesn't know who is behind the attacks or where they're based. This latest hack involved bugs in Facebook's "View As" feature, which lets people see how their profiles appear to others.

The breach, which Facebook has said affected 50 million of its users, would have allowed hackers to log in as those people on Facebook and on apps and websites that allow SSO through Facebook.

Tokens allow users to remain logged in to Facebook so they don't have to keep re-entering their password every time they want to access it.

A spokesperson for the dating app Tinder said Monday that Facebook (FB) has shared only "limited information" and called on Facebook to be "transparent" about which of Tinder's users may have been affected. Fixing the vulnerability and informing law enforcement; 2. The company also has reset access tokens for the affected accounts and another 40 million accounts that have used the "View As" feature in the past year. Third, we're temporarily turning off the "View As" feature while we conduct a thorough security review.

You must know this little fact following the news that at least 50 million Facebook users, and possibly 90 million, had their accounts accessed by hackers. It also faces severe criticism here over use of its platform to spread fake news.

The vice-president of product management, Guy Rosen, also spoke during the conference, saying that the company had notified and was working with the Federal Bureau of Investigation. It will likely only intensify criticism of the company's handling of user data and its privacy policies in the wake of the Cambridge Analytica scandal earlier this year, in which more than 70 million users' personal info was packaged and sold to a data-mining firm without their consent.




"Today, consumers should be working under the assumption that their private information has been stolen by hackers 10 times over", said Sam Curry, chief security officer at Cybereason.

The company did not detail what its investigation entailed nor what precautionary measures it took.

Guy Rosen, Facebook's vice president of product management, wrote in a blog post: "Since we've only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed". In Facebook's case, hackers found a way to directly get your access token, bypassing the need to know your username or password. Presumably the social media giant will begin releasing more information about the breach soon, but the radio silence throughout the weekend indicates that it is either still in the process of gathering that data or is deciding how to disclose it.

This let them use your Facebook account "as if they were the account holder" - a shocking security breach.

Chang said the event would happen on Sunday at 6 p.m. local time, or 6 AM EST / 3 AM PST.

Although you will have to log back into your account, you do not have to change your passwords, Facebook added.
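Why a token reset forces a new login but leaves the password valid, shown as an added example that is not Facebook's code: the `SessionStore` class, its method names and the sample account are all constructed for illustration, and the store is a simplified in-memory model.

```python
import hashlib
import hmac
import secrets


class SessionStore:
    """Toy server-side store: passwords and access tokens are tracked separately."""

    def __init__(self):
        self._pw = {}      # user -> (salt, password hash)
        self._tokens = {}  # sha256(token) -> user; raw tokens are never stored

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._pw[user] = (salt, self._kdf(password, salt))

    def login(self, user, password):
        """Check the password once, then hand back a bearer token."""
        salt, stored = self._pw[user]
        if not hmac.compare_digest(stored, self._kdf(password, salt)):
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[hashlib.sha256(token.encode()).hexdigest()] = user
        return token

    def whoami(self, token):
        """A valid token alone identifies the user; no password is consulted."""
        return self._tokens.get(hashlib.sha256(token.encode()).hexdigest())

    def reset_tokens(self, user):
        """Invalidate every token issued to `user`; the password is untouched."""
        stale = [h for h, u in self._tokens.items() if u == user]
        for h in stale:
            del self._tokens[h]
        return len(stale)


def demo():
    store = SessionStore()
    store.register("alice", "correct horse")        # constructed sample account
    phone = store.login("alice", "correct horse")
    laptop = store.login("alice", "correct horse")
    before = store.whoami(laptop)                   # accepted with no password
    revoked = store.reset_tokens("alice")
    after = (store.whoami(phone), store.whoami(laptop))  # both now rejected
    relogin = store.login("alice", "correct horse")      # old password still works
    return before, revoked, after, store.whoami(relogin)
```

Because the token, not the password, is what was exposed, revoking every issued token cuts off anyone holding a copy, while the unchanged password still lets the account holder sign in again.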
