Zuckerberg’s Under Fire for Yet Another Facebook Data Breach

Another day, another reminder that Facebook is not your friend. Zuckerberg’s astonishingly low opinion of his customers’ intelligence is now the stuff of legend. But even when he’s not profiting directly from personal data, his company’s lack of foresight has still left the door open to unknown numbers of unknown agents to access and leverage data from Facebook users.

Here we are again, in the fall of 2018, and Zuck is yet again facing the music — if not the consequences — of another unprecedented Facebook data breach. This time, it’s the largest such attack in the company’s history.

50 Million Facebook Accounts Compromised

On September 16, Facebook engineers detected unusual traffic patterns on the website, which prompted an internal investigation. They discovered the traffic was the telltale sign of a Facebook data breach from some as-yet-unknown outside entity with as-yet-undetermined motivations.

It’s no secret that Facebook users elect to provide the website with all kinds of demographic information, including names, genders, cities of residence and their birthdays.

But outside entities aren’t supposed to have access to this information — and they’re certainly not supposed to be able to “commandeer” and data-mine 50 million accounts at a time.

According to security researchers, it’s likely the scope of the attack was even worse than Facebook admitted. Among the accounts affected were the profiles of Zuckerberg himself as well as COO Sheryl Sandberg.

Company personnel detected the Facebook data breach on Tuesday, September 16. By Thursday night, the “vulnerability” had been found and patched. But as has become routine for this company, the damage was done. All of this information is out there someplace.

So how’d it actually happen?

Facebook traced the vulnerability to three software bugs involving the “View As” feature. This lets users see their profile as somebody else would see it.

These glitches made Facebook’s “security tokens” free for the taking. Security tokens are a digital key that keeps people logged in so they don’t have to type their password repeatedly across visits.

With just one token, for just one account, attackers were able to employ the “View As” feature to steal tokens for other accounts in turn.

In a statement, Zuckerberg claimed their investigation “has not shown that these tokens were used to access any private messages or posts or to post anything to these accounts. But this, of course, may change.” As a precaution, Facebook reset the security tokens for a total of 90 million Facebook accounts.
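A simplified model of the failure described above and of the precautionary reset, as an added example that is not Facebook's code or part of the original article. The `RenderContext` and `TokenStore` names and their methods are hypothetical, and the flaw is reduced to one assumption: a token minted while a profile preview is rendered gets bound to the previewed account instead of the logged-in one.

```python
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class RenderContext:
    session_user: str              # account that actually authenticated
    view_as: Optional[str] = None  # account whose perspective is previewed


class TokenStore:
    def __init__(self):
        self._tokens = {}          # token -> owning account

    def _mint(self, owner):
        token = secrets.token_urlsafe(32)
        self._tokens[token] = owner
        return token

    def owner_of(self, token):
        return self._tokens.get(token)

    def issue_unsafe(self, ctx):
        # Flawed (assumed model): the token is bound to whoever the page is
        # rendered as, so a preview hands out a credential for another account.
        return self._mint(ctx.view_as or ctx.session_user)

    def issue_hardened(self, ctx):
        # A preview is read-only: refuse to mint credentials inside it, and
        # otherwise bind the token to the authenticated session user only.
        if ctx.view_as is not None:
            raise PermissionError("no token issuance in a preview context")
        return self._mint(ctx.session_user)

    def revoke_all_for(self, owners):
        # Precautionary reset: drop every live token for the listed accounts,
        # forcing those users to log in again.
        owners = set(owners)
        stale = [t for t, o in self._tokens.items() if o in owners]
        for t in stale:
            del self._tokens[t]
        return len(stale)
```

The reset is deliberately broader than the set of accounts known to be affected, which mirrors the gap between the 50 million compromised accounts and the 90 million that had their tokens reset.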

What on Earth Is Going on at Facebook?

The news media has been laser-focused on Facebook for months now, meaning this latest embarrassment couldn’t have come at a worse time.

As for this latest attack, the Federal Trade Commission is involved and “alarmed” by the breach. As the FTC considers a way forward, its Commissioner, Rohit Chopra, has already made his feelings on the matter clear: “These companies have a staggering amount of information about Americans. Breaches don’t just violate our privacy, they create enormous risks for our economy and national security.”

The national security angle isn’t lost on Congress, which demonstrated uncharacteristic fleet-footedness in hauling Zuckerberg before the House Energy & Commerce Committee to testify about election interference and other matters.

Their concern centered on Facebook’s complicity with social engineering firm Cambridge Analytica. A “flaw” in Facebook’s architecture allowed this firm to gather data on Americans and Europeans and then engage in the strategic dissemination of fake news and false flags to steer the course of the Brexit vote and the 2016 U.S. presidential election.

As of this writing, Facebook still has not identified the attackers responsible for the cyberattack in September.

What’s Next for Facebook and Zuckerberg?

It’s probably not a good sign for Facebook’s future that the founders of Instagram, which Facebook purchased for a cool billion dollars in 2012, are leaving the company following unresolved internal disputes. But that was after the Cambridge Analytica mess. So what kind of fallout can we expect from this latest scandal?

With any luck, we’ll see other tech companies and developers learn to be more proactive. Facebook is, rightfully, the poster child for misappropriated personal information — but there are still around 100 free and paid apps in the Google Play store with invasive tracking abilities.

This and other stories like it are, additionally, driving consumer interest in security software, VPNs and other solutions for vulnerabilities throughout modern technology.

In recent dispatches, Zuckerberg has promised that Facebook is investing in more robust security measures.

But at this point, even if the technological holes are plugged, doesn’t this still look suspiciously like a sinking ship? Perhaps not. Google+ foundered mostly because people couldn’t be bothered to transition their digital social lives to a different platform.

Even amid all the chaos, Facebook’s ecosystem still looks pretty “sticky” for user retention. In 2016, the site experienced what was at the time one of the most rapid drop-offs in active users: from 185 million North American users to a “mere” 184 million.

Unsurprisingly, Facebook managed to make even more money from advertisements in 2017 than it did in 2016.

At the end of the day, the most preposterous part of this story is that Facebook still thinks it retains enough public trust to launch a line of smart home hardware to rival Google and Amazon, replete with cameras and microphones.

What could go wrong?

Kayla Matthews is a technology writer and the editor of Productivity Bytes. Her work has been featured on Digital Trends, MakeUseOf, VICE, VentureBeat, The Daily Dot and WIRED, among others. Follow her on Twitter to read her latest posts.
