Last Friday on the 28th of September, Facebook users were shocked to wake up and find that they had been logged out of all their devices. Was this a contained glitch, perhaps a device or app mishap?
A darker truth would soon emerge. Facebook had been hacked – again. The accounts of about 50 million users worldwide had been compromised, a fact Facebook had learned days before last week’s announcement. After they had analyzed the situation, Facebook themselves logged out these 50 million or so users, in an effort to protect them. But had the damage been done already?
These attackers exploited a vulnerability in Facebook’s code that impacted “View As,” a feature that lets people see what their own profile looks like to someone else, Facebook explained in security news update.
This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts.
“Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” Facebook explained.
Almost 50 million users were directly affected, while another 40 million could have also fell victim indirectly. Facebook logged out all 90 million last Friday as a precaution.
The news of another hack comes following the major Cambridge Analytica scandal earlier this year, where millions of users’ data was used during the 2016 Trump election campaign.
This latest hack is another blow to the credibility of Facebook’s security, which brings into question how secure these multi-billion dollar social media companies are, and how seriously they take their users’ security.
Users might forgive and forget…
Following similar data breaches, data has shown that Facebook users have maintained loyalty.
“Facebook’s scandals of the past year barely put a dent in its active users. Daily active users remained flat between Q1 and Q2 at 185 million users, but that’s probably more because of saturation — nearly everyone in North America who’s online already has a Facebook account,” Business Insider explained.
At the moment, the full extent of the attack has not yet been discovered. If users find out that their private messages and pictures have ended up on some public online domain, the backlash will be great in magnitude and potentially disastrous to the company.
…despite some migration…
Facebook has become a bloated $458.63 billion company, and it seems to think it is untouchable. The succession of breach scandals would have torn down a lesser company, but Facebook is confident in its position. It’s not certain how much more the company can take, however.
A study by the Pew Research Center earlier this year found that young people aged between 13 and 17 were flocking away from Facebook and turning to Snapchat. The drop has been significant: 51% of people aged between 13-17 used Facebook in 2018, compared to 71% in 2015.
An early 2018 study by eMarketer discovered similar results.
At the time, Paul Verna, an analyst at eMarketer, noted that this decline in users will pose a “greater existential threat” to Facebook than the Cambridge Analytica scandal.
…but government bodies won’t
On the other end of the spectrum, you have government bodies who are calling for Facebook blood.
“I want answers,” FTC Commissioner Rohit Chopra tweeted last Friday following the announcement.
The Irish Data Protection Commission (DPC) regulates Facebook’s data affairs in Europe, as the social media’s subsidiary is headquartered in Ireland, CNBC explained.
In a statement to CNBC on Tuesday, the Irish DPC said that it was awaiting “more detailed numbers” and that it was assessing whether to open a formal probe into Facebook.
As of this writing, the DPC has now opened an official investigation.
This comes at a crucial point in time, as Europe just recently introduced the General Data Protection Regulation (GDPR) in May, a regulation in EU law that governs data protection and privacy for all individuals within the European Union and the European Economic Area.
Facebook could be fighting a legal battle with government bodies on several fronts, and it won’t end well for the social media giant.
Has there been any financial backlash?
If Facebook is found to have broken GDPR law, the company could be fined a maximum of $1.63 billion, 4% of annual global turnover, CNBC noted.
The stock market is a different beast entirely. As of this writing, Facebook stock has dropped 5.92% since news of the breach broke out, which will cost the company serious money.
Facebook’s stock dropped 20% in July following a weak earnings report, losing approximately $120 billion in value.
The Cambridge Analytica scandal was clearly taking its toll.
“As I’ve said on past calls, we’re investing so much in security that it will significantly impact our profitability,” Zuckerberg said. “We’re starting to see that this quarter.”
In trying to satisfy security concerns, the company was in fact cutting their profits down to bolster their defenses. In the end, if such a major issue is not addressed, the entire company could unravel under customer and government scrutiny.
Furthermore, the young generation today is less patient and tolerant than any other, and if they feel Facebook is slacking behind, or putting their information at risk, they will easily make the transition to the dozen other social media platforms available. The hashtag #DeleteFacebook was trending directly following the Cambridge Analytica controversy, and it’s no surprise why.
About a decade ago, MySpace was ousted by the newer and shinier Facebook. Today, Facebook is in MySpace’s shoes, and we could very well be seeing the start of its demise.