- Explaining the significance/seriousness of the Facebook data breach.
- On September 16, Facebook noticed an unusual spike in the number of times the platform’s ‘View As’ feature was being used.
- On September 25, Facebook announced that it had identified this as malicious activity in which the access tokens of 50 million users were appropriated by unknown hackers, and certain personal details were possibly accessed.
The terms explained
- ‘View As’ Feature
  - The feature allows users to see how their Facebook page will appear to another user.
  - The ‘View As’ feature was introduced by Facebook as a privacy control feature, allowing users to check the information they were sharing with others.
- Access token
  - An access token is a digital key that allows users to stay logged into Facebook on a device or browser without having to sign in repeatedly using their password.
  - It extends its reach to other apps or services that users sign into using their Facebook account.
The problem of data breach
- The access tokens of 50 million users were appropriated by unknown hackers. If hackers have the access tokens, they do not require passwords to get into Facebook accounts or apps like Instagram that utilise the Facebook login.
- The ‘View As’ feature of Facebook proved to be a weak point because of some bugs that were introduced in the software in July 2017.
- With the bug introduced, while using the ‘View As’ feature, Facebook’s video uploader tool also appeared on the page at times, generating an access token that was not the user’s but of the person the user was looking up.
- For example, if Hacker ‘A’ selected User ‘B’ for ‘View As,’ and the video uploader appeared on the page, it generated an access token for User B which was then available to Hacker A.
- The bug helped hackers to get the access tokens of 50 million users, and some personal data of the users was possibly compromised.
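
The token mix-up described above can be reduced to one question: whose identity is the token bound to? The sketch below is an added illustration, not Facebook's code; `TokenStore`, `uploader_token_buggy`, `uploader_token_fixed` and the users "A" and "B" are hypothetical names constructed for it. It shows the flawed issuance beside a corrected one, and the token reset that forces a fresh login.

```python
import secrets

class TokenStore:
    """Toy in-memory session-token store (constructed for illustration)."""
    def __init__(self):
        self._owner = {}                      # token -> user id it logs in as

    def issue(self, user_id):
        token = secrets.token_urlsafe(16)
        self._owner[token] = user_id
        return token

    def owner(self, token):
        return self._owner.get(token)         # None once the token is revoked

    def revoke_user(self, user_id):
        """Forced re-login: drop every token that belongs to user_id."""
        stale = [t for t, u in self._owner.items() if u == user_id]
        for t in stale:
            del self._owner[t]
        return len(stale)

def uploader_token_buggy(store, session_user, view_as=None):
    # Flaw: the token subject follows the profile being previewed,
    # so the viewer receives a key to someone else's account.
    subject = view_as if view_as is not None else session_user
    return store.issue(subject)

def uploader_token_fixed(store, session_user, view_as=None):
    # Preview mode is read-only: mint nothing while 'View As' is active,
    # and otherwise bind the token to the authenticated session only.
    if view_as is not None:
        return None
    return store.issue(session_user)

def demo():
    store = TokenStore()
    leaked = uploader_token_buggy(store, session_user="A", view_as="B")
    leaked_owner = store.owner(leaked)        # token issued to A acts as B
    safe = uploader_token_fixed(store, session_user="A", view_as="B")
    revoked = store.revoke_user("B")          # response: reset B's tokens
    return leaked_owner, safe, revoked, store.owner(leaked)

if __name__ == "__main__":
    print(demo())
```
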
Efforts by various stakeholders after the data breach incident
- Facebook had to force the affected 50 million users, and an additional 40 million users who had used the ‘View As’ feature since last July to log in again so that their access tokens changed.
- Facebook has since resolved the bugs that caused what is said to be the largest breach in the history of the platform.
- Facebook is said to be working with the FBI on the issue.
- It also informed the Irish Data Protection Commission, since the European Union’s strict new data protection law states that it has to be informed within 72 hours if anyone in the European Economic Area is affected.
- The Commission has started a probe, and Facebook faces a fine that could go over a billion dollars.
Significance of the incident
- The breach puts the spotlight on the vulnerabilities of Facebook, the digital giant that claims over two billion users and, along with Google, controls more than half of the global digital advertisement revenue.
- It was also caught on the wrong foot when the Cambridge Analytica scandal broke, revealing that data of up to 87 million users were harvested and used for political campaigning.
- Privacy of the users
  - The breach has the direct impact of private data being accessed by the hackers.
- Profiling of users
  - Apart from this, massive data sets allow for psychological profiling of users, which could lead to targeted political advertising and manipulation.
  - This seems significant, especially when crucial mid-term elections are due in the United States and in India.
- Trust deficit
  - It also undermines the faith in the ‘single sign-in.’
  - The Facebook sign-in has been utilised by a number of apps, from gaming apps to news apps, as a way to log in to their sites or apps.
  - They have used this platform because of the belief that large digital entities like Facebook and Google provide better security.
  - However, this trust now stands shaken.
- Connected apps
  - While Facebook has reportedly refreshed the access tokens of all affected parties, the extent to which the hackers had access to connected third-party apps remains unclear.
- This puts the privacy of users of digital platforms in jeopardy.
- A New Digital Deal towards a human-centric digitalization is required.
- It is time for society to fundamentally agree on ethical principles and common values for a digital world: it is time for a New Digital Deal.
- It needs to define a new social contract which ensures better, more open collaboration between governments, business, and civil society and under which technology finally serves to improve everyday life for every member of our societies.
- We need collaboration and debate to find creative ideas to renegotiate, redefine and reassert common values for our digital future.
- This New Digital Deal should establish:
  - A Digital Bill of Rights that protects our values and fundamental rights in a digital world.
  - A modernisation of our policies and regulatory frameworks to guarantee fair competition.
  - A renewed focus on business responsibility based on better transparency and increased accountability for their services and platforms.
  - A commitment to innovation, entrepreneurship and investment.
  - A collective understanding of how digitalisation can be made sustainable by improving inclusiveness, transparency, accountability, responsibility and fairness.