On Friday, 28th of September, millions of users could not log in to their Facebook accounts and were unexpectedly logged out of the system. If, just like me, you did not pay much attention to the nuisance, it was more than a minor glitch. It turned out to be a major breach of the leading social media platform's systems. 50 million users' accounts were hacked, and many others experienced a software inconvenience as they could not reach their own profiles.
What happened was a theft of the tokens behind Facebook accounts. The company allegedly knew about the system vulnerability since Tuesday, some digital security specialists say, but could not prevent the hack. Three separate bugs combined to cause the breach. According to Forbes:
The perpetrator’s ultimate aim was to steal what is known as “OAuth bearer tokens.” Essentially, these tokens prove the Facebook user is the rightful owner of an account and denote what they have access to.
Web security researchers say the hack affected much more than 50 million accounts. It was not only the Facebook accounts themselves, but all applications connected to them and all external websites that users had signed in to with their Facebook credentials. Among these could be other social media, marketplaces, news portals, magazines, etc.
The breach happened through Facebook's 'View As' and video upload features. 'View As' is an option that lets a user see how his or her profile looks to someone who is not a friend. Facebook was aware that this was a sensitive spot in its system but could not prevent the break.
What the hack means is not only that a third party could see your personal information, photos, likes and shares on Facebook, but that the attackers could do practically anything with your profile. A social media user told us on Friday he found out that he shared, commented and joined pages without his knowledge.
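To make concrete what a "bearer token" is, why stealing one gives access to everything it denotes, and what the forced logout described above accomplishes, here is an added Python example. It is not code from the article, Forbes or Facebook: a minimal HMAC-signed bearer token store with scopes, an expiry time, and a per-user token generation counter that lets the service invalidate every outstanding token at once. All user ids, scope names and the server key are constructed for the demo.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Constructed for the demo: a real service keeps this key in a KMS or HSM.
SERVER_KEY = secrets.token_bytes(32)


@dataclass
class User:
    user_id: str
    token_generation: int = 0  # bumped to invalidate every token issued so far


# Constructed user database.
USERS = {"u1": User("u1")}


def issue_token(user_id, scopes, ttl=3600, now=None):
    """Return a bearer token binding user, generation, scopes and expiry under an HMAC."""
    user = USERS[user_id]
    now = int(time.time()) if now is None else now
    payload = "|".join([
        user_id,
        str(user.token_generation),
        ",".join(sorted(scopes)),   # what the holder is allowed to do
        str(now + ttl),             # unix time after which the token is dead
    ])
    tag = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"


def check_token(token, required_scope, now=None):
    """Bearer semantics: whoever presents a valid token string is treated as the user.

    Returns the user id on success, None on any failure (tamper, expiry, revoked
    generation, missing scope). No other proof of identity is asked for, which is
    exactly why a stolen token is as good as the account itself.
    """
    now = int(time.time()) if now is None else now
    try:
        user_id, gen, scopes, exp, tag = token.split("|")
    except ValueError:
        return None
    expected = hmac.new(SERVER_KEY, "|".join([user_id, gen, scopes, exp]).encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None                      # payload was altered (e.g. scopes widened)
    if now > int(exp):
        return None                      # expired
    user = USERS.get(user_id)
    if user is None or int(gen) != user.token_generation:
        return None                      # issued before a mass revocation
    if required_scope not in scopes.split(","):
        return None                      # token does not grant this action
    return user_id


def revoke_all_tokens(user_id):
    """Invalidate every outstanding token for the user: the 'logged out everywhere' response."""
    USERS[user_id].token_generation += 1
```

The generation counter is what makes incident response cheap: instead of hunting down each copy of a stolen token, the service bumps one integer per affected user and every previously issued token fails validation, at the cost of logging the legitimate user out as well. Scopes in the token illustrate the "denote what they have access to" part of the Forbes description, and the HMAC check shows why a holder cannot simply edit those scopes.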
The breach highlights a major danger to web security. This is exactly the kind of risk that led the European Union to introduce the new GDPR (General Data Protection Regulation). Now, according to the Wall Street Journal, Facebook could be fined the maximum sum for breaching the GDPR. Europe's main Facebook regulator, Ireland's Data Protection Commission, is trying to establish what exactly happened on Friday. The highest penalty for violating personal data protections equals 4% of a company's global revenue for the year. For Facebook, that would be $1.63 billion USD. Yet it is not clear whether the Commission is going to apply the penalty provisions. If it turns out that Facebook 'was not guilty' of the hack, attempted to prevent it, or showed any compliance at all, it could all go smoothly for the giant firm.
In the last few years, Facebook has been constantly attacked for its weak security and for exposing users' personal information to online threats. The Cambridge Analytica scandal is still ongoing, in which an application developer transferred the data of more than 87 million profiles to Cambridge Analytica. Facebook keeps denying privacy violations but is pointed at as the biggest personal data abuser on the whole web.