Expert On Facebook Was Repeatedly Warned Of Security Flaw That Led To Biggest Data Breach In Its History

The Telegraph is reporting that Facebook knew about a serious security flaw that let hackers steal personal data from millions of its users almost a year before the crime, yet failed to fix it in time. Legal documents show that the company was repeatedly warned by its own employees as well as outsiders about a dangerous loophole that eventually led to the massive data breach in September 2018. Despite this, the loophole remained open for nine months after it was first raised, leading employees to later speak of their “guilt” and “hurt” at knowing that the attack “could have been prevented”. The breach, which involved stealing the digital access tokens Facebook uses to verify users’ identity without requiring their passwords, exposed the names, phone numbers and email addresses of 29 million people and a host of more intimate data for 14 million accounts.

Experts' Comments

February 11, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
All organisations, knowingly or unknowingly, make risk-based security decisions. There are inevitably more vulnerabilities and issues which need fixing than there are resources, so there will always be some issues which take priority over others. Even when something appears to be a 'simple' fix, like a patch, it can take significant resources to test and validate that the fix won't have any unintended consequences which impact other systems or open up another, more serious vulnerability. With that being said, Facebook is unlike the majority of organisations in the world. It has vast amounts of highly sensitive and personal information belonging to its users and it should take all measures possible to protect its users' information, be that from inadvertent or deliberate misuse, from either a legal or an ethical perspective. Such leaks from Facebook are a treasure trove for people with ill intent, something that came to light with the Cambridge Analytica event.