Facebook confirmed its “View As” feature had been compromised in the breach. If you are unfamiliar with this tool, it allows users to see their own profile as someone else would. However, a vulnerability allows anyone to gain access to security tokens for another user account. Basically, this allows full access to said account. It seems the European Union is hovering around the situation. The Data Protection Commission of Ireland, which acts as Facebook’s privacy regulator on the continent, is seeking more information. While the company may escape some of Europe’s new GDPR rules, it is close to stepping on some. The General Data Protection Regulation is a sweeping law that came into effect earlier this year. Companies scrambled to gain compliance for GDPR as the penalties for ignoring the laws can be harsh. For example, there is a $23 million fine or 4% of worldwide revenue for the previous year for not protecting data. Facebook could already be on the hook for $1.63 billion (its 4%) just because of the breach. Another 2% of revenue could have been lost by missing the deadline for reporting breaches. Luckily for the social network, it reported on time.
Investigation
It is worth pointing out that no fine is guaranteed at this point. It is unclear whether anybody’s account was affected. Facebook may have spotted it before any compromise. Either way, a European citizen would need to be affected for the GDPR regulations to come into play. Last week also ended on a poor note for the company. Facebook admitted that it takes user phone numbers and gives them to advertisers without asking for permission. Worse is the fact the numbers are given by users for greater security.
