Facebook is facing questions over yet another data breach, with the BBC reporting that a hacker group has published private messages from more than 81,000 Facebook users’ accounts, while it claims to have access to 120 million profiles. The group is attempting to sell the information via the dark web.
Facebook, which has reportedly been investigating the breach since September, says that its security measures have not been compromised, and that if indeed this data is legitimate, the hackers may have accessed it through “malicious browser extensions”.
BBC commissioned research suggests that the stolen data is for real – a sample of the database includes messages, photos, etc. BBC was able to get in contact with some of the users’ whose information is listed in the breach, and they confirmed the data was correct.
Even if Facebook isn’t at fault in this case (Facebook says it has detected and removed the likely extensions involved), it still adds to the growing negative perception around the platform and its data security capacity. Within the last year, Facebook has come under fire over the Cambridge Analytica scandal, Russian election interference, and more recently, a “code vulnerability” which enabled hackers to, potentially, log in and steal user data.
Facebook has more personal insights and information than any other company in history, which has enabled the platform to build a highly effective ad targeting system – but with that comes the responsibility to protect that data and control its usage. If Facebook can’t do that, questions will be raised over whether it should even have such insight. Should Facebook come under more stringent regulation over how it uses such information? Does another organization need to step in to oversee such measures?
Facebook would obviously prefer to avoid any outside interference, or increased – and expensive – regulation, and every time another concern like this is raised, it raises the chances of Facebook coming under more intense scrutiny.
Again, Facebook says this breach was not its fault – but the fact that such data is even available in the first place is on them. It remains to be seen whether government regulators will move to make Facebook more accountable for such actions.