Facebook suffered a massive data breach exposing up to 50 million accounts and a potential 40 million other users. The breach also allowed hackers to use compromised accounts to access any other associated accounts that use Facebook’s system for authentication.

As a result, the company is staring down a £1.25 billion fine from the EU following the implementation of GDPR.
GDPR states that a company found in breach of the law would be fined a maximum of €20 million (£17.7 million) or 4% of the company’s global annual turnover – whichever is larger. In this case, 4% of Facebook’s annual turnover is certainly the larger amount ($1.65 billion). However, the fine would only be levied if some of those 50 million accounts exposed by the hack were those of EU citizens.
So far it’s been revealed that CEO Mark Zuckerberg and company COO Sheryl Sandberg have been hit as part of the data breach that saw hackers exploiting a vulnerability in the “View As” feature to gain access to people’s accounts. As a security measure, Facebook automatically logged out 90 million users from Facebook to wipe the authentication tokens hackers stole.
The flaw has now been fixed, affected accounts have been reset and so have another 40 million as “a precautionary step”, explained Facebook’s VP of product management Guy Rosen.
Because of the authentication method Facebook uses, and the nature of the hack, other services such as Instagram, Tinder, Spotify, Airbnb and more could also be affected. Other companies haven’t piped up to say if their user accounts have also been compromised, but it’s likely many are still assessing the situation since Facebook made the case public on Friday evening.
So far it’s not yet known who instigated the hack on Facebook’s systems – although the company is almost certainly trying to track the culprit down.
Facebook is also being coy about just who has been affected. If you found yourself logged out of Facebook on 25 September, chances are you could be one of the 50 million who had their accounts compromised. However, you could simply be part of the 40 million who were logged out as a precautionary measure.
It’s worth noting that, despite the scale of the breach, 50 million compromised accounts account for only around 2% of Facebook’s total monthly active users, as of the second quarter of 2018. While that’s still a hefty amount, it’s a reasonably negligible figure for Facebook and, if it’s found to not have to pay a hefty GDPR fine, the social network will bounce back from the problem without much issue.
We’ll be updating the story as more details emerge.