Meta Fined $263 Million Over 2018 Security Breach That Affected 3 Million EU Users (techcrunch.com) 17
Meta has been fined around $263 million in the European Union for a Facebook security breach that affected millions of users, which the company disclosed back in September 2018. From a report: The penalty, issued on Tuesday by Ireland's Data Protection Commission (DPC) -- enforcing the bloc's General Data Protection Regulation (GDPR) -- is far from being the largest GDPR fine Meta has been hit with since the regime came into force over five years ago but is notable for being a substantial sanction for a single security incident.
The breach it relates to dates back to July 2017 when Facebook, as the company was still known then, rolled out a video upload function that included a "View as" feature which let the user see their own Facebook page as it would be seen by another user. A bug in the design allowed users making use of the feature to invoke the video uploader in conjunction with Facebook's 'Happy Birthday Composer' facility to generate a fully permissioned user token that gave them full access to the Facebook profile of that other user. They could then use the token to exploit the same combination of features on other accounts -- gaining unauthorized access to multiple users' profiles and data, per the DPC.
Meh (Score:3)
Re: Meh (Score:2)
Re: (Score:2)
I have to check - they're the scammers that run "FaceBook", aren't they? Are they still recommending that you "friend" thugs and rapists? Is there anything else of note that would make one actually be interested in news about them?
Re: Meh (Score:2)
"Mehta" (Score:2)
Meh
"Mehta" (or how I like to call them: "Mehta[stasize]")
Re: (Score:2)
So, now we know Facebook's profit/ account (Score:4, Interesting)
If Facebook change significantly, we have a handle on their estimated profit/ user for this "free" service. If they don't change, we know that their profit/ user is high enough that this doesn't matter.
I must remember to log in this year, "friend" a few dozen high profile accounts, then "unfriend" them, just to piss in their database.
Re: So, now we know Facebook's profit/ account (Score:2)
$363 Mil / $134 billion revenue = 1/10th percent (Score:2)
1 tenth of a percent, roughly equivalent to a person making $100k losing $200 in one year.
Title correction: (Score:3)
There FTFY.
\o/ (Score:3, Interesting)
It's so good to know that you have such strong protections for ordinary people.
Presumably the fine is divided equally amongst the victims and deposited directly into their accounts.
Yes?
Re: (Score:1)
Re: \o/ (Score:1)
Yep. The slight against the victims is merely a tool used to extract money which will not benefit the victims in any tangible way.
Re: (Score:2)
Most victims are wholly unaffected, so what is the basis for them to receive $84?
Re: \o/ (Score:1)
No doubt, yet potential damage is the root of the fine.