A massive security breach is just the latest chapter in a bad year for the tech giant.
After a bad year, Facebook needed to regain its users’ trust
The fourth quarter of 2018 started at the beginning of this week, and there are probably few people who are looking forward to turning their backs on 2018 more than Mark Zuckerberg. This year has been something of an ‘annus horribilis’ for the Facebook CEO. Having perhaps thought that the worst was behind him with Russian interference in the US presidential campaign, the social media platform was hit with accusations that it had allowed Cambridge Analytica, a political consulting firm, to harvest data from up to 87 million Facebook users. Cambridge Analytica then used that data in the campaign that helped elect Donald Trump to the US presidency. This, along with the introduction of GDPR in the European Union, was blamed for Facebook losing daily active users in Europe, flatlining in North America and the resultant slow-down in revenue growth in Q2 of this year. The conclusion? Facebook needed to work on regaining its users’ trust in order to guarantee its future prosperity.
And then, 50 million user accounts are hacked
Unfortunately, things sometimes don’t go according to plan. Last week, Facebook discovered its most severe security breach to date, impacting 50 million user accounts. The ‘view as’ tool lets users understand their privacy settings: a bug allowed hackers to use this functionality to take over user accounts, meaning they could see everything in the user’s profile and, potentially, in any third party sites that users logged into with their Facebook accounts, for example Tinder, Airbnb and Spotify. Facebook acted to secure these accounts but the damage has been done: Zuckerberg said ‘I’m glad that we found this and were able to fix the vulnerability, but it is definitely an issue that it happened in the first place.’ What’s more, this is the second serious security breach for Facebook in recent months – in June, a bug made 14 million people’s private posts publicly viewable to anyone.
A test of the EU’s GDPR
While it is estimated that only 10% of users affected by this month’s breach were in the European Union, it is the EU that is the biggest headache for Facebook in this saga. GDPR requires companies that store the data of European citizens to declare any security breaches of this nature within 72 hours: Facebook notified the Irish Data Protection Commission which is now assessing whether it needs to carry out an enquiry. If it does, and Facebook is found to have been negligent in its duty of care for customer data, it could face a maximum fine of 4% of its annual global turnover – $1.63 billion. This is the first major test of GDPR, but the EU does have form for implementing large penalties to tech companies. It fined Google $2.8bn in 2017 for violating antitrust rules with its online shopping practices, and earlier this year slapped the tech giant with a $5 billion fine for abusing its power to force smartphone operators to pre-install Google search apps on any phone using the Android operating system.
A battle on many fronts
Facebook is under fire from many fronts – federal investigations into its privacy and data-sharing practices, the possibility of increased regulation from the US congress following high-profile hearings on the privacy practices of the big tech companies – and now this latest fiasco.
Regain trust to keep advertisers
The priority for Zuckerberg as he looks to 2019 and beyond must be to regain the trust of users around the world. Consumers are increasingly wary of the big tech companies and how they use their data, and if they start to log off in their droves, advertising dollars will follow them.
Thumbnail image: Shutterstock