Social Network Spiraling - Everything Going On with Facebook Up Until Now
By David Gamey - 04 Oct 2018.
In case you missed it, Facebook has had some issues recently and it's only getting uglier. Catch up on the news below:
September's Breach
The most recent breach announcement came late last week and the exposure lasted over 13 months:
- User single sign-on “access tokens” were exposed through the “view as” feature. At least 53M users were affected, with a further 40M user accounts reset as a precaution https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html
- Brian Krebs article on the breach https://krebsonsecurity.com/2018/09/facebook-security-bug-affects-90m-users/
- More details on how the attack exploited multiple bugs and put many other applications that use Facebook single sign-on logins at risk https://www.forbes.com/sites/thomasbrewster/2018/09/29/how-facebook-was-hacked-and-why-its-a-disaster-for-internet-security/
As the new week dawned we began to get more information as Facebook rushed to comply with GDPR notification requirements:
- (Updated) Facebook detected the breach on September 16th, 11 days before their GDPR notice https://www.cnn.com/2018/10/04/tech/facebook-hack-explainer/index.html
- Facebook submits their initial GDPR notification https://www.databreachtoday.com/facebook-submits-gdpr-breach-notification-to-irish-watchdog-a-11573
- A lack of details naturally leads to public uncertainty and frustration. Possibly an unintended consequence of the new regulations. https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2018/10/02/the-cybersecurity-202-facebook-disclosed-a-major-hack-very-quickly-but-the-alert-was-short-on-details/5bb24c311b326b7c8a8d1797/ and https://www.schneier.com/blog/archives/2018/10/theeffectsof_5.html
- Speculation mounts over the potential for fines of up to $1.63B https://www.wsj.com/articles/facebook-faces-potential-1-63-billion-fine-in-europe-over-data-breach-1538330906
- Ireland among the first to prepare for an investigation https://www.irishexaminer.com/breakingnews/world/eu-preparing-to-investigate-facebook-over-latest-data-breach-873019.html
- (Updated) A class-action lawsuit has been proposed in Canada against Facebook https://www.huffingtonpost.ca/2018/10/01/facebook-security-breach-lawsuit-canada_a_23547591/
- (Updated) Hackers accessed personal information of 30 million Facebook users https://www.cnn.com/2018/10/12/tech/facebook-hack-personal-information-accessed/index.html
- (Updated) Facebook hack victims will not get ID theft protection http://www.bbc.co.uk/news/technology-45845431
More information emerges about the impact, remediation, and GDPR as the week goes on:
- (Updated) Proliferation of useless advice in the wake of the Facebook breach https://www.cnet.com/news/after-facebooks-hack-theres-a-lot-of-useless-post-breach-advice/
- Initially, the impact on single sign-ons to other apps is unclear https://www.wired.com/story/facebook-security-breach-third-party-sites/
- Tinder, Pinterest and others struggle to determine how Facebook hack affects their users https://money.cnn.com/2018/10/01/technology/facebook-hack-tinder-pinterest/index.html
- Potentially thousands of apps could be affected https://www.nytimes.com/2018/10/02/technology/facebook-hack-other-sites.html
- Early adopters of Facebook's Workplace collaboration tool may have also been affected https://www.businessinsider.com/facebooks-warns-some-business-customers-about-its-giant-data-breach-2018-10
- Facebook claims that NO 3rd party apps were exploited https://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-hack-update-external-app-website-data-breach-a8566561.html
Other Recent Issues
Even without the breach Facebook has had other security and privacy issues come to light:
- Users who provided a security phone number for two-factor authentication will be upset to find out it was also used to push ads https://www.eff.org/deeplinks/2018/09/you-gave-facebook-your-number-security-they-used-it-ads
- They keep shadow contact information about you; the problem is you can’t see it or even find out if it exists. And of course it is also used to push ads via the “custom audience” feature https://gizmodo.com/facebook-is-giving-advertisers-access-to-your-shadow-co-1828476051
- Child experts file FTC complaint against Facebook kids' app https://business.financialpost.com/pmn/business-pmn/child-experts-file-ftc-complaint-against-facebook-kids-app
- Facebook is being sued for allegedly facilitating sex trafficking https://www.thedailybeast.com/facebook-sued-for-allegedly-facilitating-sex-trafficking
A few very recent developments that would normally be positive are likely being completely drowned out by the bad news:
- New anti-harassment tools were announced https://gizmodo.com/facebook-makes-it-easier-to-report-bullies-1829465444
- Warnings issued to police over the use of fake accounts were largely overshadowed https://www.eff.org/deeplinks/2018/09/facebook-warns-memphis-police-no-more-fake-bob-smith-accounts
Facebook's Annus Horribilis
Facebook is still dealing with the fallout from previous troubles. In fact, 2018 has been a terrible year:
- (Updated) Are Facebook's breach, privacy troubles, and fix attempts to blame for losing 30% of its value since July? https://www.cnn.com/2018/10/11/tech/facebook-stock-dip/index.html
- A GDPR notice from July came to light last week over the previous Facebook/AIQ related events https://www.zdnet.com/article/uk-issues-first-ever-gdpr-notice-in-connection-to-facebook-data-scandal/
- UK law firm seeks to expand on lawsuit started over previous troubles https://www.telegraph.co.uk/technology/2018/10/03/facebook-hit-uk-legal-claim-massive-data-breach/
Those troubles have been featured in 38 out of 81 of our weekly security news roundups and have included:
- The Cambridge Analytica scandal in March and Aggregate IQ (AIQ)
  - https://controlgap.com/blog/cambridge-analytica-facebook-scandal/
  - https://www.pymnts.com/facebook/2018/cambridge-analytica-aggregateiq-user-data/
- Controversial data sharing arrangements
  - https://www.cnbc.com/2018/04/05/facebook-building-8-explored-data-sharing-agreement-with-hospitals.html
  - https://www.eff.org/deeplinks/2018/04/facebook-isnt-telling-whole-story-about-its-decision-stop-partnering-data-brokers
  - https://www.theguardian.com/technology/2018/jul/02/facebook-user-data-access-companies-privacy
  - https://epic.org/2018/06/facebook-overrode-users-privac.html
- Overly broad tracking
  - http://www.theregister.co.uk/2018/04/17/facebook_admits_to_tracking_non_users/
  - https://freedom-to-tinker.com/2018/04/18/no-boundaries-for-facebook-data-third-party-trackers-abuse-facebook-login/
- Naughty apps, partners, fake accounts, and bugs
  - https://threatpost.com/tens-of-thousands-of-malicious-apps-using-facebook-apis/131566/
  - https://www.theregister.co.uk/2018/06/28/facebook_data_abuse_bug_bounty/
  - https://www.theguardian.com/technology/2018/may/15/facebook-closed-583m-fake-accounts-in-first-three-months-of-2018
  - https://www.wral.com/facebook-suspends-boston-analytics-firm-over-data-usage/17710861/
  - https://www.theregister.co.uk/2017/07/17/facebook_login_security/
- Legal and regulatory issues including fines
  - https://www.theregister.co.uk/2018/08/24/irish_data_protection_commish_opens_inquiry_on_facebook_data_transparency/
  - https://www.theregister.co.uk/2017/05/16/facebook_fined_in_france/
  - http://thehackernews.com/2017/09/facebook-privacy.html
  - https://www.theguardian.com/technology/2018/feb/12/facebook-personal-data-privacy-settings-ruled-illegal-german-court
  - https://www.pymnts.com/news/regulation/2018/gdpr-facebook-data-breach-fines-compliance/