In a move that sent shockwaves through the tech industry, European Union privacy watchdogs have taken a decisive stand against Facebook owner Meta. The social media giant was slapped with hefty fines totaling 251 million euros on Monday following a thorough investigation into a major data breach that occurred on its platform back in 2018. This breach exposed millions of user accounts to potential risks and vulnerabilities, leading to widespread concerns about data privacy and security.
The penalties were handed down by Ireland’s Data Protection Commission, which concluded its inquiry into the breach. It was revealed that hackers had managed to exploit bugs in Facebook’s code, allowing them unauthorized access to user accounts. Through this breach, the perpetrators were able to steal crucial digital keys known as “access tokens,” compromising the security and integrity of the affected accounts.
As the lead privacy regulator for Meta in the EU, the Irish watchdog played a pivotal role in holding the company accountable for the infringements identified during the investigation. Under the stringent privacy regulations of the EU, known as the General Data Protection Regulation (GDPR), Meta was found to have violated multiple rules pertaining to data protection and privacy rights.
The issued reprimands and administrative penalties amounted to a staggering 251 million euros ($264 million), signifying the gravity of the situation and the importance of upholding data protection standards. In response to the penalties, Meta expressed its intention to appeal the decision, emphasizing the company’s commitment to addressing the issues raised during the investigation.
“This decision pertains to an incident that occurred in 2018. We took immediate action to rectify the problem as soon as it was brought to our attention,” Meta stated in a released statement. The company further noted that it had proactively informed the affected individuals as well as the Irish watchdog about the breach and the steps taken to mitigate its impact.
Initially, Facebook had disclosed that 50 million user accounts were compromised in the breach. However, the actual number of affected accounts turned out to be around 29 million, including 3 million in Europe, as reported by the Irish watchdog. Following the discovery of the breach, Meta had promptly alerted law enforcement agencies such as the FBI and regulatory bodies in the U.S. and Europe to address the security incident.
The data breach was attributed to three distinct bugs within Facebook’s “View As” feature, which allowed users to see how their profiles appeared to others. Exploiting these vulnerabilities, the attackers were able to pilfer access tokens from the accounts of individuals who had used the “View As” feature. Subsequently, the attack propagated from one user’s Facebook friend to another, escalating the scope and impact of the breach.
Possession of these access tokens granted the attackers unauthorized control over the compromised accounts, posing a significant threat to the privacy and security of the affected users. The breach underscored the importance of robust security measures and proactive detection of vulnerabilities to safeguard user data and prevent similar incidents in the future.
