Meta Fined $263 Million Over 2018 Security Breach That Affected 3 Million EU Users

Meta has been fined around $263 million in the European Union for a Facebook security breach that affected millions of users which the company disclosed back in September 2018. From a report: The penalty, issued on Tuesday by Ireland's Data Protection Commission (DPC) -- enforcing the bloc's General Data Protection Regulation (GDPR) -- is far from being the largest GDPR fine Meta has been hit with since the regime came into force over five years ago but is notable for being a substantial sanction for a single security incident.

The breach it relates to dates back to July 2017 when Facebook, as the company was still known then, rolled out a video upload function that included a "View as" feature which let the user see their own Facebook page as it would be seen by another user. A bug in the design allowed users making use of the feature to invoke the video uploader in conjunction with Facebook's 'Happy Birthday Composer' facility to generate a fully permissioned user token that gave them full access to the Facebook profile of that other user. They could then use the token to exploit the same combination of features on other accounts -- gaining unauthorized access to multiple users' profiles and data, per the DPC.

Meh

[commodore73]

Meh

Re: Meh

[commodore73]

Dang, if I got frosty p, this site must really be dying. I have learned so much here that n (checks notes) 25 years, from many of the smartest and most humorous multidisciplinary trollers on the internet. I thank you all. There are many of you that I would like to meet in person.

Re:

[RockDoctor]

Alternatively, nobody here give a shit about Meta.

I have to check - they're the scammers that run "FaceBook", aren't they? Are they still recommending that you "friend" thugs and rapists? Is there anything else of note that would make one actually be interested in news about them?

Re: Meh

[commodore73]

Anything about their demise is good news to me and worth celebration. This particular bit is too small to matter at all. They invented the narcigram (and then bought it). Anyone working there should rot.

"Mehta"

[Sebby]

Meh

"Mehta" (or how I like to call them: "Mehta[stasize]")

Re:

[commodore73]

Oh, we're way past stage 4 by now.

So, now we know Facebook's profit/ account

[RockDoctor]

263 M$ divided by 3 Muser ~= 84 $/user. Over what time period?

If Facebook change significantly, we have a handle on their estimated profit/ user for this "free" service. If they don't change, we know that their profit/ user is high enough that this doesn't matter.

I must remember to log in this year, "friend" a few dozen high profile accounts, then "unfriend" them, just to piss in their database.

Re: So, now we know Facebook's profit/ account

[commodore73]

All these rich tech bros are just playing games with peoples lives at this point. Considering Leon's perspective on LinkedIn users, I wonder if his assets are in use to contribute to its demise, which seems unstoppable. People are becoming the minimum viable product.

$363 Mil / $134 billion revenue = 1/10th percent

[will4]

1 tenth of a percent, roughly equivalent to a person making $100k losing $200 in one year.

Title correction:

[Sebby]

Meta[stasize] Fined $263 Million Over 2018 Privacy Molestation That Affected 3 Million EU Users

There FTFY.

\o/

[easyTree]

It's so good to know that you have such strong protections for ordinary people.

Presumably the fine is divided equally amongst the victims and deposited directly into their accounts.

Yes?

Re:

[Puc Rotte]

No, these fines go into the regular EU funding. The EU member states then need to put ~250 million euros less into it. So it doesn't directly flow to the member states, but it means less money flows from the into the EU.

Re: \o/

[easyTree]

Yep. The slight against the victims is merely a tool used to extract money which will not benefit the victims in any tangible way.