Facebook is not having a good year. Already, the social media giant has faced serious questions from Congress and its user base about privacy and censorship … but a major data breach revealed this weekend is raising even more eyebrows.
A minor scandal erupted earlier in 2018 when a scheme involving the firm Cambridge Analytica came to light. In simple terms, that company “mined” the personal data of countless Facebook users in order to do voter targeting, and the social networking site’s lax privacy policies made it possible.
Mark Zuckerberg, Facebook’s famous CEO, scrambled to do damage control. The company changed many of its privacy settings, and Zuckerberg looked Congress in the eye to essentially say, “We fixed the problem, trust us.”
But trusting Facebook is looking more and more like a poor idea. On Friday, it was revealed that a hacker had compromised the accounts of a staggering 50 million users.
“The company’s security team found three bugs were used in the attacks, saying they were used in combination to successfully break into Facebook accounts,” reported Forbes Magazine.
Many users received obligatory sign-out notices, and were forced to re-enter their passwords on computers and phones as a stop-gap effort against the hack.
It was bad enough that a malicious group may have accessed millions of Facebook accounts without permission. What is more troubling, however, is that the hack could have also exposed the accounts of many other non-Facebook sites.
The problem is that numerous sites use Facebook’s convenient log-in system. You’ve probably seen it before: Instead of entering a unique username and password, many sites and apps allow you to log in with your Facebook account at the press of button.
It’s easy to use, but also apparently easy to exploit — at least for skilled hackers.
“OAuth (security) tokens are like car keys, if you’re holding them you can use them, there’s no discrimination of the holder,” explained cybersecurity researcher Thomas Shadwell.
“And in the context of this attack, those keys unlocked not just Facebook accounts, but any site that affected users accessed with a Facebook login,” elaborated Forbes. “That might include Instagram or news websites.”
The situation is a nightmare for Facebook under the best of circumstances. Given the social network’s very bad year, however, the hack represents yet another warning sign that oversight may be needed and “just trust us” isn’t enough.
“Facebook has suffered an attack that not only gives anyone considering leaving the social network another reason to jump ship, but that’s also irrevocably tarnished the trust between internet denizens and the companies they rely on to keep their online lives private,” summarized Forbes.
It’s worth noting that conservatives have already raised alarm bells over how the social networking site distributes content. The Western Journal led the way in gathering evidence that Facebook may be politically biased and far less even-handed than it claims.
To be sure, there are real benefits of using social networking sites like Facebook. People can keep in touch with their family and friends even worlds apart, while citizens of all backgrounds can stay connected to the news and commentary that they prefer.
As Facebook grows to become ubiquitous, however, it’s wise to ask questions about monopolies and oversight. There comes a point when a service becomes so widespread and pervades so many areas of our lives that it is not just another site.
With great power comes great responsibility.
Millions of users have given Facebook power over their personal details and access to almost every part of their lives … but whether the company can live up to its responsibilities of non-partisanship and trust remains to be seen.
Truth and Accuracy
We are committed to truth and accuracy in all of our journalism. Read our editorial standards.