Facebook left vulnerability that led to major data breach unresolved for 9 months


Facebook knew for months about the vulnerability behind its major 2018 data breach, which affected 30 million users. Court documents show that the company only fixed the problem nine months after it was first reported.

The British newspaper The Telegraph obtained the documents. According to the paper, both employees and outsiders reported the flaw, which made it possible to access other people's accounts. Despite those reports the vulnerability remained unfixed for nine months, and it eventually led to a major data breach.

Facebook developers say in the documents that they feel guilty and hurt because they know the breach could have been prevented. The documents also state that Facebook received a tip via Twitter two weeks before the breach, which was allegedly ignored.

The case concerns the vulnerability in the View As feature, which came to light at the end of September 2018. View As lets a user see their own profile as another user would see it; because of bugs in its code, the feature exposed access tokens, which made it possible to take over the accounts of nearly 30 million users. Access tokens are the credentials that keep legitimate users signed in so they do not have to log in on every request, and anyone holding a user's token can act as that user. Facebook initially reported that 50 million users were affected and later revised the figure to 30 million.
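To make that failure mode concrete, the following is an added example written for this page; it is not Facebook's code and does not reproduce the actual bug (Facebook has never published that source). It assumes a toy HMAC-signed token format, a signing key and a two-user profile table constructed inline, and the names `view_as_vulnerable`, `view_as_hardened`, `account_owner` and `takeover_attempt` are invented for the illustration. The vulnerable variant renders the target's profile by minting a full-scope login token for the account being viewed and returning it alongside the page, so a logged-in attacker can harvest it and become that user. The hardened variant keeps the token bound to the logged-in viewer and scoped to previewing only, so a harvested token buys the attacker nothing.

```python
"""Illustration of the "View As" token-leak flaw class (added example, not Facebook's code)."""
import base64
import hashlib
import hmac
import json
from typing import Optional

# Server-side signing key, constructed for this example only.
SIGNING_KEY = b"example-signing-key-do-not-use"

# Toy account database, constructed for this example.
PROFILES = {"alice": "Alice's profile", "bob": "Bob's profile"}


def _sign(claims: dict) -> str:
    """Mint an HMAC-SHA256 signed token: base64 JSON body + hex MAC."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).rstrip(b"=")
    mac = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return f"{body.decode()}.{mac}"


def _verify(token: str) -> dict:
    """Check the MAC in constant time and return the claims; raise on tampering."""
    body, _, mac = token.rpartition(".")
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        raise ValueError("bad token signature")
    padded = body + "=" * (-len(body) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def issue_session_token(user_id: str) -> str:
    """Normal login: a full-scope token that keeps the user signed in."""
    return _sign({"sub": user_id, "scope": "full"})


def account_owner(token: str) -> str:
    """Privileged endpoint: which account does this token control?
    Only full-scope session tokens are accepted here."""
    claims = _verify(token)
    if claims.get("scope") != "full":
        raise PermissionError("preview tokens cannot act on the account")
    return claims["sub"]


def view_as_vulnerable(viewer_token: str, target: str) -> dict:
    """Flawed: renders the target's profile by minting a full login token
    for the *target* and shipping it to the viewer's browser with the page."""
    _verify(viewer_token)  # viewer is logged in, but the output is not tied to them
    leaked = issue_session_token(target)  # bug: a real session token for someone else
    return {"html": PROFILES[target], "token": leaked}


def view_as_hardened(viewer_token: str, target: str) -> dict:
    """Fixed: the token's subject stays the viewer, the viewed account is a
    separate claim, and the scope is limited to previewing."""
    viewer = _verify(viewer_token)["sub"]
    preview = _sign({"sub": viewer, "act_as": target, "scope": "profile_preview"})
    return {"html": PROFILES[target], "token": preview}


def takeover_attempt(view_as) -> Optional[str]:
    """Simulate an attacker logged in as alice who harvests the token from the
    View As response for bob and presents it to a privileged endpoint.
    Returns the account the harvested token controls, or None if rejected."""
    attacker_token = issue_session_token("alice")
    harvested = view_as(attacker_token, "bob")["token"]
    try:
        return account_owner(harvested)  # "bob" means the takeover succeeded
    except PermissionError:
        return None


if __name__ == "__main__":
    print("vulnerable:", takeover_attempt(view_as_vulnerable))  # bob
    print("hardened:  ", takeover_attempt(view_as_hardened))    # None
```

The check a reviewer would apply to any impersonation or "view as" feature is the one the two variants differ on: the subject and scope of every token handed to a browser must follow the authenticated caller, never the account being rendered, and privileged endpoints must refuse tokens whose scope was only ever meant for previewing.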

After the breach was announced, the FBI, among others, opened an investigation. Facebook CEO Mark Zuckerberg said at a press conference that the company took the security problem very seriously. The court documents suggest that this was not the case initially: developers at the social network had already raised concerns about the tokens and their possible misuse in December 2017, but the technical changes were never completed. According to one of the employees, the warnings were 'virtually ignored'.

In a response to the newspaper, a Facebook spokesperson denied that the warnings about the access tokens were ignored. According to the company, developers were working on a fix when the breach occurred. The spokesperson said the issue had not been assessed as high risk and that the breach could only have happened because of an "unusual combination of various glitches that the company had not foreseen."

The documents came out in a class-action lawsuit in the United States, in which victims of the breach accuse Facebook of negligence and of failing to protect their private data. The case was quietly settled last month. Under the settlement Facebook admits no responsibility and pays no compensation; it will, however, reimburse legal costs and has agreed to draw up a security plan to prevent similar attacks, which an independent assessor will review annually for five years. The settlement still has to be approved by the judge.
