Last week we shared the security breach that affected 50 million users' accounts on Facebook. According to the Irish Data Protection Commission's tweets, less than 10 percent of these 50 million users are members of the European Union.
UPDATE Facebook data breach - @DPCIreland understands that the number of potentially affected EU accounts is less than 10% of the 50 million accounts in total potentially affected by the security breach. DPC Ireland statement beneath. #dataprotection #GDPR #EUdataP pic.twitter.com/oSfGy6DP2S
— Data Protection Commission Ireland (@DPCIreland) October 1, 2018
Facebook may have to pay fines if the European Union finds that Facebook does not take the necessary measures to protect the safety of its users. In such a case, Facebook would pay 4% of the annual global income of 40.7 billion dollars to the European Union, which is 1.63 billion dollars.
However, the numbers we are talking about are calculated from the income of last year. Therefore, as Facebook's revenues decrease, the figure that it will pay decreases. Nevertheless, the rate of 4 percent remains.
In the meantime, it is useful to say that Facebook didn’t leave Ireland Data Protection Commission’s tweet unanswered. Facebook tweeted the following sentences:
“We're working with regulators including the Irish Data Protection Commission to share preliminary data about Friday's security issue. As we work to confirm the location of those potentially affected, we plan to release further info soon.”
We're working with regulators including the Irish Data Protection Commission to share preliminary data about Friday's security issue. As we work to confirm the location of those potentially affected, we plan to release further info soon. https://t.co/Cs1uSMtBNk
— Facebook (@Facebook) October 1, 2018
Facebook reported on Tuesday evening that this security breach was reported to both the legislators and the public on Friday morning. In fact, this detail is important, because Facebook would pay 2 per cent of its global income as a fine if it were to complete 72 hours of security breaches.
Let us recall the details of this attack on Facebook. Attackers used 3 errors to obtain data. In July 2017, Facebook's video upload tool caused 3 system vulnerabilities. The video installer was opening when users clicked ”View as” in their profiles. When the video uploader opened, the access key of the profile page was being displayed.
Attackers accessing the key were able to log into the account. For this reason, Instagram, Oculus and third-party applications that were logged in with Facebook were also affected. Let us point out that investigations about this vulnerability have continued. However, as a result of the entry into force of the strict rules of the GDPR, the European Union is likely to fine Facebook heavier than the US.
Moreover, many users who have lost their trust in Facebook after the Cambridge Analytica scandal, wonder what Facebook’s role was. In fact, such a large-scale and long-term security gap staying unnoticed; can drive away the company's partners from the platform.
Image Source: Techbooky