Meta Fined $263 Million Over 2018 Security Breach That Affected 3 Million EU Users

Meta has been fined around $263 million in the European Union for a Facebook security breach that affected millions of users which the company disclosed back in September 2018. From a report: The penalty, issued on Tuesday by Ireland's Data Protection Commission (DPC) -- enforcing the bloc's General Data Protection Regulation (GDPR) -- is far from being the largest GDPR fine Meta has been hit with since the regime came into force over five years ago but is notable for being a substantial sanction for a single security incident.

The breach it relates to dates back to July 2017 when Facebook, as the company was still known then, rolled out a video upload function that included a "View as" feature which let the user see their own Facebook page as it would be seen by another user. A bug in the design allowed users making use of the feature to invoke the video uploader in conjunction with Facebook's 'Happy Birthday Composer' facility to generate a fully permissioned user token that gave them full access to the Facebook profile of that other user. They could then use the token to exploit the same combination of features on other accounts -- gaining unauthorized access to multiple users' profiles and data, per the DPC.

Meh

[commodore73]

Meh

Re: Meh

[commodore73]

Dang, if I got frosty p, this site must really be dying. I have learned so much here that n (checks notes) 25 years, from many of the smartest and most humorous multidisciplinary trollers on the internet. I thank you all. There are many of you that I would like to meet in person.

Re:

[RockDoctor]

Alternatively, nobody here give a shit about Meta.

I have to check - they're the scammers that run "FaceBook", aren't they? Are they still recommending that you "friend" thugs and rapists? Is there anything else of note that would make one actually be interested in news about them?

Re: Meh

[commodore73]

Anything about their demise is good news to me and worth celebration. This particular bit is too small to matter at all. They invented the narcigram (and then bought it). Anyone working there should rot.

Re:

[RockDoctor]

Anyone working there should rot.

My wife spent a year or so as a sub-contractor doing "moderation" for them. Then, because of the war I guess, FB stopped moderating posts in Russian (or stopped employing sub-contractors - same thing as far as we're concerned). No effort, I assume to stop people posting comments in Russian - just no moderation. And the wife moved on to some other "project" involving native Russian speakers.

So, if you want to post drugs adverts, CSAM, whatever, "in Russian, on FB" is the way

Re: Meh

[commodore73]

I didn't mean that your wife should rot. I hope you took my point.

Re:

[RockDoctor]

I hope you took my point : people who work there don't necessarily support - or even know, or care about - $CvilCorp$ policies more than they need to know or do their job.

You wrote what you wrote.

Either you thought about it - in which case it says a lot about you.

Or you didn't think about it. Which also says a lot about you.

Re:

[commodore73]

Actually, my perspective is that people don't really have a choice but to work for evil corporations, because the system runs on money, and we need to eat, and many corporations do evil things (they are not people), and we're all part of the system. If you do sales and consulting, it's potentially even worse, because you have to go to whatever prospect/client you can, which means you have to support almost any industry. I was with a software company that refused to sell to porn and gambling clients. But eve

"Mehta"

[Sebby]

Meh

"Mehta" (or how I like to call them: "Mehta[stasize]")

Re:

[commodore73]

Oh, we're way past stage 4 by now.

So, now we know Facebook's profit/ account

[RockDoctor]

263 M$ divided by 3 Muser ~= 84 $/user. Over what time period?

If Facebook change significantly, we have a handle on their estimated profit/ user for this "free" service. If they don't change, we know that their profit/ user is high enough that this doesn't matter.

I must remember to log in this year, "friend" a few dozen high profile accounts, then "unfriend" them, just to piss in their database.

Re: So, now we know Facebook's profit/ account

[commodore73]

All these rich tech bros are just playing games with peoples lives at this point. Considering Leon's perspective on LinkedIn users, I wonder if his assets are in use to contribute to its demise, which seems unstoppable. People are becoming the minimum viable product.

$363 Mil / $134 billion revenue = 1/10th percent

[will4]

1 tenth of a percent, roughly equivalent to a person making $100k losing $200 in one year.

Re:

[RockDoctor]

So the effort of making the payment - establishing an accounting line for "fines", authorising someone to cut 10^8 $ cheques, and someone to authorise such cheques ; maybe setting up an actual bank account for paying fines - is comparable to the first fine (seeing AmMoJo's comment below).

Subsequent fines then are relatively cheaper, until the actual money value starts to hurt.

Crying me a river here. Poor Meta.

Oh look - a drought!

Re:

[AmiMoJo]

The way EU fines work is that the initial one is based on the harm done, not punitive. Then if they don't change their ways it increases until it's up to 4% of global revenue.

Title correction:

[Sebby]

Meta[stasize] Fined $263 Million Over 2018 Privacy Molestation That Affected 3 Million EU Users

There FTFY.

\o/

[easyTree]

It's so good to know that you have such strong protections for ordinary people.

Presumably the fine is divided equally amongst the victims and deposited directly into their accounts.

Yes?

Re:

[Puc Rotte]

No, these fines go into the regular EU funding. The EU member states then need to put ~250 million euros less into it. So it doesn't directly flow to the member states, but it means less money flows from the into the EU.

Re: \o/

[easyTree]

Yep. The slight against the victims is merely a tool used to extract money which will not benefit the victims in any tangible way.

Re:

[thegarbz]

Most victims are wholly unaffected, so what is the basis for them to receive $84?

Re: \o/

[easyTree]

No doubt, yet potential damage is the root of the fine.