Add to favourites
News Local and Global in your language
16th of October 2018

Economy



Irish watchdog launches Facebook data probe

The Irish Data Protection Commission has formally begun an investigation into Facebook's recent data breach.

It will now decide whether the firm should be fined for failing to prevent hackers from being able to access up to 50 million users' accounts.

Earlier this year, the social network picked the regulator to be its "one-stop shop" for oversight of its compliance with EU privacy rules.

In theory, the watchdog can fine the US firm up to 4% of its global turnover.

Earlier, Facebook had declared that third-party apps and services which let users log in using their accounts had not appeared to have been compromised in the security attack.

Tinder and Airbnb are among those which accept Facebook log-ins as an alternative to creating an account.

Initially Facebook had suggested it was possible platforms such as these could also have been compromised.

The firm's former security chief said this was a consequence of having to report a breach at an early stage of the investigation.

The breach was announced on Friday 28 September, one day after Facebook notified the Irish data regulator, but with many unanswered questions .

Alex Stamos, who left his post as the firm's chief security officer in August, tweeted that new European privacy laws mean that firms must report data breaches before they know full details themselves.

The General Data Protection Regulation (GDPR) legislation, introduced in May 2018, states that a firm must report any security breach within 72 hours.

Skip Twitter post by @alexstamos

Interesting impact of the GDPR 72-hour deadline: companies announcing breaches before investigations are complete.

1) Announce & cop to max possible impacted users.2) Everybody is confused on actual impact, lots of rumors.3) A month later truth is included in official filing. https://t.co/VSCVfYB8om

— Alex Stamos (@alexstamos) October 1, 2018

End of Twitter post by @alexstamos

"You can do incident response quickly or not correctly, but not both!" he wrote.

However, some people responding argued that the public had a right to know sooner rather than later.

"The 72-hour notification brings the customer needs to the forefront, rather than shareholder value," tweeted James.

Skip Twitter post by @jamgia

If I was in charge of #IncidentResponse I would want more time. But normally I'm the customer (or victim) - and I'd like to know asap, so I know what data/credentials etc are at risk. The 72hr notification brings the customer needs to the forefront, rather than shareholder value.

— James (@jamgia) October 1, 2018

End of Twitter post by @jamgia

The background

Up to 50 million Facebook accounts are believed to have been left exposed in the breach, announced last week.

An additional 40 million users were also logged out as a precautionary measure.

The issue, which was based on a weakness in a feature allowing Facebook members to view how their profile appeared to others, has now been fixed.

In a blog publicising the latest information on the attack, Guy Rosen, vice-president of product management, wrote that there was no evidence "so far" that attackers had accessed any apps using Facebook log-ins.

The breach was a result of a change made by Facebook in July 2017.

It is not yet known whether the hack affected its corporate chat app, Workplace.

The firm has no evidence yet to suggest that it has, reports Reuters.

Read More




Leave A Comment

More News

Reuters: Business News

BBC News - Business

Business News - UPI.com

Christian Science Monitor |

Home Page

Business

Disclaimer and Notice:WorldProNews.com is not the owner of these news or any information published on this site.