
Zuckerberg’s Under Fire for Yet Another Facebook Data Breach

October 11, 2018 • Shannon Flynn


Another day, another reminder that Facebook is not your friend. Zuckerberg’s astonishingly low opinion of his customers’ intelligence is now the stuff of legend. But even when he’s not profiting directly from personal data, his company’s lack of foresight has still left the door open to unknown numbers of unknown agents to access and leverage data from users in a massive Facebook data breach.

Here we are again, in the fall of 2018, and Zuck is yet again facing the music — if not the consequences — of another unprecedented Facebook data breach. This time, it’s the largest such attack in the company’s history.

50 Million Facebook Accounts Compromised

On September 16, Facebook engineers detected unusual traffic patterns on the website, which prompted an internal investigation. They discovered the traffic was the telltale sign of a Facebook data breach by some as-yet-unknown outside entity with as-yet-undetermined motivations.

It’s no secret that Facebook users elect to provide the website with all kinds of demographic information, including names, genders, cities of residence and their birthdays.

But outside entities aren’t supposed to have access to this information — and they’re certainly not supposed to be able to “commandeer” and data-mine 50 million accounts at a time.

According to security researchers, it’s likely the scope of the attack was even worse than Facebook admitted. Among the accounts affected were the profiles of Zuckerberg himself as well as COO Sheryl Sandberg.

Company personnel detected the Facebook data breach on Tuesday, September 16. By Thursday night, the company had found and patched the “vulnerability.” But as has become routine for this company, the damage was done. All of this information is out there someplace.

So How’d the Facebook Data Breach Actually Happen?

Facebook traced the vulnerability to three software bugs involving the “View As” feature. This lets users see their profile as somebody else would see it.

These glitches made Facebook’s “security tokens” free for the taking. Security tokens are digital keys that keep people logged in so they don’t have to type their password repeatedly across visits.

With just one token, for just one account, attackers were able to employ the “View As” feature to steal tokens for other accounts in turn.

In a statement, Zuckerberg claimed their investigation “has not shown that these tokens were used to access any private messages or posts or to post anything to these accounts. But this, of course, may change.” As a precaution, Facebook reset the security tokens for a total of 90 million Facebook accounts.

What on Earth Is Going on at Facebook?

The news media has focused on Facebook for months now, meaning this latest embarrassment couldn’t have come at a worse time.

As for this latest attack, the Federal Trade Commission stepped in and said it’s “alarmed” by the breach. As the FTC considers a way forward, its Commissioner, Rohit Chopra, has already made his feelings on the matter clear: “These companies have a staggering amount of information about Americans. Breaches don’t just violate our privacy, they create enormous risks for our economy and national security.”

The national security angle isn’t lost on Congress, which demonstrated uncharacteristic fleet-footedness in hauling Zuckerberg before the House Energy & Commerce Committee to testify about election interference and other matters.

Their concern centered on Facebook’s complicity with social engineering firm Cambridge Analytica. A “flaw” in Facebook’s architecture allowed this firm to gather data on Americans and Europeans and then engage in the strategic dissemination of fake news and false flags to steer the course of the Brexit vote and the 2016 U.S. presidential election.

As of this writing, Facebook still had not identified the attackers responsible for the cyber attack in September.

What’s Next for Facebook and Zuckerberg After the Data Breach?

It’s probably not a good sign for Facebook’s future that the founders of Instagram, which Facebook purchased for a cool billion dollars in 2012, are leaving the company following unresolved internal disputes. But that was after the Cambridge Analytica mess. So what kind of fallout can we expect from this latest scandal?

With any luck, we’ll see other tech companies and developers learn to be more proactive. Facebook is, rightfully, the poster child for misappropriated personal information — but there are still around 100 free and paid apps in the Google Play store with invasive tracking abilities.

This and other stories like it are driving consumer interest in security software, VPNs and similar solutions. This shift puts control over vulnerabilities into consumers’ own hands.

In recent dispatches, Zuckerberg has promised that Facebook is investing in more robust security measures.

But at this point, even if the technological holes are plugged, doesn’t this still look suspiciously like a sinking ship? Perhaps not. Google+ floundered mostly because people couldn’t be bothered to transition their digital social lives to a different platform.

Even amid all the chaos, Facebook’s ecosystem still looks pretty “sticky” for user retention. In 2016, the site experienced what was at the time one of the most rapid dropoffs in active users. They fell from 185 million North American users to a “mere” 184 million.

Unsurprisingly, Facebook managed to make even more money from advertisements in 2017 than it did in 2016.

At the end of the day, the most preposterous part of this story is that Facebook still thinks it retains enough public trust to launch a line of smart home hardware to rival Google and Amazon, replete with cameras and microphones.

What could go wrong?