Mark Zuckerberg has, once again, failed to deliver on his vow to use data appropriately. (Wikimedia Commons)
Facebook has failed, once again, to protect its users’ data, even after pledging to treat it with care. Yet no one seems to even be batting an eye.
On September 28, Facebook released a report announcing its largest data breach to date, affecting up to 50 million accounts. The report also identified a combination of three errors in the programming of the website that allowed assailants to use an “access token” to infiltrate these accounts, and described how the company has responded and tried to restore the situation.
It’s in the latter portion of their statement that I begin to raise my eyebrows. While Facebook proudly claims it has patched the vulnerability on its website—something that never should have existed in the first place—and reset the access token for almost 90 million accounts that may have been affected by the attack, it is still omitting many of the specifics regarding the incident. For example, we still don’t know who conducted the assault, what the motive was, when it started to siphon data, who, exactly, was impacted, and what bits of private information were stolen from them.
It has been almost 2 weeks since the attack was announced, and even longer since Facebook’s team started to investigate the issue.
What is alarming is the mutual apathy towards the issue from both the public and Facebook, which took 11 days to stamp out the assault on its website. And I am willing to bet that most people brushed the news aside in the midst of the Kavanaugh hearings and haven’t given it much thought since. If Facebook doesn’t have an audience who truly cares about the data breach, why should they expend time and resources safeguarding private information?
Soon this may become the norm. Users cared more about the Cambridge Analytica scandal and Russia’s political Facebook ads because they endangered their beliefs by giving Donald Trump the upper hand in the election, even though this most recent data breach could end up influencing a much larger population. Unless their ideologies are jeopardized, users will continue to overlook the overwhelming volume of data hacks that make the headlines and simply move on, regardless of whether they were modified.
That’s not to say that Facebook isn’t being held accountable for its blunder. Ireland’s data regulator has already commissioned an investigation aimed towards evaluating whether Facebook established “appropriate technical and organizational measures to ensure the security and safeguarding of the personal data it processes.” Moreover, Facebook is capable of racking up more than $1.6 million in fines based on the European Union’s General Data Protection Regulation (GDPR).
The danger of desensitization nevertheless persists as Facebook’s administration continues to mistreat data. And who can blame them? After CEO Mark Zuckerberg testified earlier this year in front of Congress and promised to simply “do better,” almost no action has been taken by either lawmakers or Facebook itself to enforce Zuckerberg’s pledge. In lieu of actually repairing relationships between Facebook and its users, Zuckerberg continues to give pseudo-apologies every time a hack happens, then turns around and makes the same mistakes.
So what can we do to hamper the desensitization towards data breaches and the exposure of private information?
Before anything else, if you have a Facebook account, protect it in the wake of the Facebook breach by changing your password, turning on two-factor authentication, and performing a device audit. You can’t change Facebook’s negligence, but you can change how you protect your personal information.
The crux of the matter is that attitudes have to adjust amongst Facebook and lawmakers.
Maybe it’s about time for a switch in leadership. After all, Zuckerberg has argued since 2010 that “privacy is no longer a social norm,” and the company seems to be pushing in the direction of a more transparent world as it collects and sells data without the consent of its users.
Lawmakers also have to ramp up the intensity of their deterrents, as Facebook will happily take slaps on the wrist for its data misuse. The GDPR, instituted in May earlier this year, was a step in the right direction, as it imposed a larger fine on companies that mishandled data and required that companies announce a data breach within 72 hours of the attack.
If revision doesn’t ensue because of this hack, a rehashed version of the same scenario will take place a few months from now, almost guaranteed.