What we still don’t know about the Facebook breach
Who did it, who else was affected, and how much will it cost Facebook?
THESE ARE THE QUESTIONS WE SHOULD HAVE IN MIND NOW!!!
It’s been three days since Facebook reported that hackers obtained access tokens for 50 million user accounts, in what is believed to be the largest such data breach in its history. Here’s what we’ve learned since then.
One, the breach may have affected other third-party services that use the Facebook Connect identity platform. Several large internet services rely heavily on Facebook logins, including Spotify, Airbnb, and Tinder. Anyone who had full access to a user’s account would have been able to log into those services as well, possibly undetected.
The third-party developer situation set off a secondary debate about the wisdom of using Facebook login.
Two, the legal consequences of the breach are becoming apparent. A class-action lawsuit was filed with terrifying speed. And while Facebook appears to have disclosed the breach within the 72 hours required by the General Data Protection Regulation, the European Union privacy watchdog could still fine Facebook up to $1.63 billion, Sam Schechner reported in the Wall Street Journal. Separately, the Irish Data Protection Commission said Monday that less than 10 percent of the breach’s victims live in the European Union. (Le Monde says it’s fewer than 5 million.)
Three, a Facebook executive on Monday repeated the idea that the breach came as the result of “a sophisticated attack.” Speaking at an Advertising Week panel, the company’s global head of marketing, Carolyn Everson, called the still-unknown attackers an “odorless, weightless intruder that walked in” and said that Facebook could only detect them “once they made a certain move.” (Everson also had the one-liner of the day. When asked about the acrimonious departures of the billionaire WhatsApp founders earlier this year, she replied: “I’d like to hear more about their philanthropy.” Which deserves a spot on any list of the funniest things ever said on stage during an Advertising Week presentation.)
On the pro side, Facebook login offers enhanced security measures such as “risk-based logins” — challenging users to provide additional information if it suspects a password has been stolen.
On the con side, Facebook’s dominance has created something resembling a single point of failure for online security.