Facebook could face a fine of up to $1.63 billion for the latest hack under the GDPR




Facebook's stunning disclosure on Friday of a huge hack in which attackers gained access to at least 50 million accounts, circumventing security measures and potentially giving them complete control over both profiles and linked apps, has already raised the threat of a $1.63 billion fine in the European Union, according to the Wall Street Journal.

The attack, which exploited flaws in the "View As" and video uploader features to gain access to the accounts, forced Facebook to reset the access tokens of 50 million users and reset those of another 40 million as a precaution. (That means that if you were logged out of your devices, you were affected.) Facebook did not say whether the attackers tried to extract data from the affected profiles, but vice president of product management Guy Rosen told reporters that they had tried to harvest private information from Facebook systems, according to the New York Times. Rosen also said that Facebook was not able to determine to what extent third-party apps could have been compromised.

It remains unclear whether the attackers could have accessed the most sensitive information stored on the network, such as direct messages. Facebook has said that the attack was very sophisticated, that its response is at an early stage, and that it may never know who is behind it. When contacted by Gizmodo this weekend, a Facebook representative referred us to the company's previous statements about the attack, which contained only previously available information.

According to the Journal, Facebook's privacy watchdog in Europe, the Irish Data Protection Commission, is also struggling to learn exactly what happened:

The Irish Data Protection Commission, Facebook's lead privacy regulator in Europe, said Saturday that it had asked the company for more information about the nature and extent of the breach, including which EU citizens might be affected.

In an emailed statement, the regulator said that it is "concerned that this breach was discovered on Tuesday and affects many millions of user accounts, but Facebook is currently unable to clarify the nature of the breach and the risk to users."

The Journal wrote that the breach could trigger the maximum possible fine under the recently adopted European General Data Protection Regulation, which is four percent of a company's worldwide revenue in the previous year. For Facebook, that would be $1.63 billion:

Under GDPR, companies that do not do enough to protect their users' data risk a maximum fine of €20 million ($23 million), or 4% of a company's worldwide annual revenue for the previous year, whichever is higher. Facebook's maximum fine would be $1.63 billion using the larger calculation.

The law also requires companies to notify regulators of breaches within 72 hours, under threat of a maximum fine of 2% of worldwide revenue.

As the newspaper noted, European regulators have not yet used the GDPR to impose fines, and it remains to be seen whether they will seek the maximum penalty or any at all, especially if they determine Facebook. the hack "and" has cooperated or at least partially complied with." The GDPR, however, contains recommendations that companies store as little user data as necessary, which may give Facebook greater liability. The European Commission has also recently demanded that Facebook provide users with better information about "how their data is being used or whether they are being sanctioned in different countries." consumers can take ", the newspaper added.

In the United States, where there is no equivalent of the GDPR, the possibility of such a penalty for this incident is more remote. Facebook is still facing a Federal Trade Commission investigation into whether several data leaks, including the Cambridge Analytica scandal and a data-scraping incident affecting most of its 2.2 billion users, violated a 2011 consent decree on user privacy, which could result in record penalties of more than a billion dollars. It is unclear what role the current debacle could play in that investigation, but an FTC commissioner, Rohit Chopra, tweeted: "I want answers."

Facebook is also facing unprecedented pressure from leading conservatives, who are angry over unsubstantiated claims that West Coast-based technology companies regularly censor them. At the same time, it is still under pressure from privacy advocates who are furious about previous privacy breaches, and it recently saw the departure of the founders of subsidiaries Instagram and WhatsApp amid reports of power struggles with their owner. Facebook's stock fell sharply in July amid slowing growth and has not recovered. It would be disingenuous to claim that the concerns driving the backlash against Facebook are entirely bipartisan, but the network is well into dangerous territory, and if it turns out that attackers did gain access to sensitive user data and abused it, things could get much worse fast.

Facebook began notifying users of the breach over the weekend, in the form of a message at the top of news feeds titled "An important security update" containing the same information sent to reporters. Presumably, the social media giant will soon release more information about the breach, but the radio silence throughout the weekend indicates that it is either still gathering the data or deciding how to release that information.

[Wall Street Journal]
