Facebook was warned in advance about the security issue that led to the 2018 data breach

nanoguy

TS Addict
Staff member

The social giant has vowed to do a better job with users' security, in light of a class action lawsuit that revealed a tale of mismanagement and ignoring repeated warning from employees in the 2018 incident that exposed the personal details of millions of users around the world.

According to a report from The Telegraph, Facebook was made aware about the potential security risk nine months in advance, which should have been ample time to prevent a hack that affected more than 50 million accounts and inconvenienced more than 90 million, who were signed out on all of their devices. The incident also affected three million people in the EU, which naturally prompted a thorough investigation by the Irish Data Protection Commission.

The Telegraph cites court documents that indicate employees had developed "guilt" and "hurt" after repeated warnings led to no action being coordinated by upper management. Several Facebook engineers expressed their worries over the fact that access tokens -- which are essentially unique identifiers you can use to do things like logging in to third part apps and services -- were an easy target for cybercriminals.

The engineers explained that the social giant had released features that use the non-expiring access tokens despite ample evidence that it would be a bad idea. Facebook denies these claims, noting that while it did know about several glitches, it couldn't have known about a possible exploit that combined all of them in a novel way. The company refused to pay damages but promised to improve its security protocols, which will be assessed on a yearly basis by an independent third party.

CEO Mark Zuckerberg had been a big proponent of the "move fast and break things" mentality that has lead to many large-scale privacy and security mishaps, but many believe he shouldn't be allowed so much control over users' data. And other CEOs like Elon Musk are open about their disdain for the platform.

If we look at what the company is doing right now, the recent work around restoring user agency over their data is certainly an example that Facebook can at least keep some of its promises. However, the company has still a long way to go -- it keeps ignoring glaring vulnerabilities in its services, and user data can still be scraped and shared among cybercriminals in obscure corners of the web.

Permalink to story.

 

ShagnWagn

TS Evangelist
Given their track record, and devilish morals, I wouldn't at all be surprised if they *sold* it to the cybercriminals. I also wouldn't be surprised if it went into those cybercriminals which was actually zucker's own personal bank account.
 
  • Like
Reactions: 0dium

0dium

TS Enthusiast
Unbelievable. Everyone should avoid anything related to Facebook.
Can't they be forced to show a big full screen warning after every data leak? Something like "Hey, we don't give a s**t about your data security so your data got leaked to third party. Don't be surprised if you get annoying calls offering to buy dildos or something"