Last week Facebook had another security breach, where around 50 million users were left exposed by a flaw in Facebook’s ‘View As’ feature.
The feature allows users to view their profile as it is seen by friends and the public on Facebook. Attackers were able to exploit the flaw and gain control of users’ accounts by stealing access tokens (the equivalent of digital keys that keep people logged into Facebook).
On Friday 28th, users who had been affected by the security breach were asked to log back in to their accounts. Facebook users worldwide have been affected, apparently including Facebook’s own Mark Zuckerberg and Sheryl Sandberg.
Other accounts that use Facebook to log in*, such as Airbnb, Spotify and Tinder, could also be affected, so if you were asked to log back in you should change all of your passwords (strong and secure, always).
"Facebook need to commit to improving their security practices and managing our data far better. This is one of the first big data breaches since GDPR came into force, and it will be interesting to see how the Irish Data Protection Commissioner handles this breach." - Graham Marcroft, GDPR and Compliance Officer at Hyve Managed Hosting.
Facebook is an obvious target for hackers. They haven’t had the smoothest ride recently, especially after the Cambridge Analytica scandal earlier this year. Facebook face a constant battle to try and convince lawmakers in the US that they are capable of keeping user data secure.
Facebook could be fined if it is found to be in breach of GDPR. The Wall Street Journal reports that Facebook could face a fine of up to $1.63bn (£1.25bn) – 4% of its annual global turnover. As Facebook Europe is based in Ireland, the Irish Data Protection Commissioner is the authority that will make the decision.
* To find a list of all the sites that you use Facebook to log into, go to Settings, then ‘apps and websites’, and ‘logged in using Facebook’.