Facebook’s recent devastating security breach, which was originally thought to involve as many as 50 million users, has gone from bad to worse. It emerged that attackers were able to access some very personal data. Most worryingly: the 10 most recent locations a user had checked in to or been tagged in, and the 15 most recent searches a user had entered into the Facebook search bar.
Facebook has since given an update on their blog, and, well, lucky us! Only 30 million people had their account access tokens stolen. This is, of course, absolutely atrocious and, given the amount of data that was stolen, has serious ramifications for Facebook. Shares in the social media giant have fallen by nearly $20 since the news broke.
Despite the company noticing a spike in activity on September 14th, no action was actually taken until nearly two weeks later, on September 25th. Had Facebook acted decisively on September 14th, the attack could have been limited to 400,000 users. No explanation has been offered as of yet as to why it took them so long to take action.
But here’s the real kicker. According to Unfollo, accounts were being sold on the dark web marketplace Dream Market, where anyone could purchase them with Bitcoin or Monero. According to them, the accounts and sensitive user data are worth anywhere between $150 million and $600 million on the black market.
The bad news doesn’t end there for Facebook: under European law, they could be fined up to $1.63 billion as a result of the General Data Protection Law. This equates to roughly 4% of their annual revenue.
Since Facebook’s European headquarters are located here in Ireland, investigations have been launched by the Irish Data Protection Commission into the company’s compliance with GDPR.
Guy Rosen, VP of Product Management at Facebook, declined to give a breakdown of affected accounts, but said they were widely distributed across the world, so it’s unlikely that Irish users in particular were affected.
If you want to find out whether or not your account was impacted, you can do so here.