Facebook revealed on Friday (the 28th) that an attack on its systems has compromised 50 million people. This includes users of Instagram or any other service that depends on Facebook Login. The company is subject to a fine of up to $1.63 billion in Europe under the GDPR (General Data Protection Regulation).
According to Vice President Guy Rosen, Facebook cannot rule out the possibility that hackers have accessed Instagram accounts linked to the social network. “They could access third party apps that were using Facebook Login,” explains the executive.
Services like Instagram and Tinder allow you to log in with your Facebook account, without requiring an email address and password. They offer the “Sign in with Facebook” button, or “Continue as [your name]” if you are already logged into the social network.
Facebook was hacked and 50 million access tokens were stolen. These digital keys could be used to control other users’ accounts. “The vulnerability was on Facebook, but these access tokens allow someone to use a connected account as if they were the account holder,” says Rosen.
Facebook could be fined up to $1.63 billion under GDPR
According to the Wall Street Journal, the European Union can fine Facebook up to $1.63 billion. Under the GDPR, companies that do not protect their users’ data can face a fine of up to €20 million (US$23 million) or 4% of global revenue in the previous year, whichever is greater.
Under this personal data protection law, the DPC (Data Protection Commission) of Ireland will be Facebook's main privacy regulator in Europe. The agency said it was “concerned that this breach was discovered on Tuesday and affects millions of user accounts, but Facebook is still unable to clarify the nature of the breach and the risk to users.”
Facebook alerted the Irish DPC on Thursday night, apparently within the maximum 72-hour deadline set by law. The social network is expected to answer several questions from the regulator. The decision to fine (or not) should only come out in the coming months.
The US is also asking Facebook for clarification. Senator Mark Warner demands “a thorough … and public investigation so that we can understand more about what happened.” And Rohit Chopra, commissioner of the FTC (Federal Trade Commission), tweeted that he wants answers; the agency regulates commercial practices in the country.
I want answers. https://t.co/kZSttt4fmF
– Rohit Chopra (@chopraftc) September 28, 2018
Class-action lawsuit against Facebook “negligence”
Two people in the US filed a class-action lawsuit against Facebook. The lawsuit alleges that the social network is negligent in failing to protect users’ data, and that it has tried to hide a “loose and inappropriate approach to data security” since the Cambridge Analytica scandal.
The lawsuit was filed by Carla Echavarria (from California) and Derrick Walker (from Virginia) “on behalf of everyone in the US … whose PIIs have been compromised by the data breach.” PII stands for Personally Identifiable Information, such as name, date of birth, email and physical address.