There’s more data to protect than just your Facebook profile.
SAN FRANCISCO – Mark Zuckerberg is facing a major public reckoning following the massive Facebook data breach as a cascade of crises catch up with the social media giant.
This isn’t the first time the Facebook CEO’s leadership has been questioned, but the ever-growing list of problems – Cambridge Analytica, Russian election interference, the spread of disinformation – is prompting tough new scrutiny of Zuckerberg’s leadership and his management team. Attackers exploited three flaws in Facebook’s code to break into tens of millions of personal accounts.
“The hack is just another symptom of a bigger problem, which is that the company is not well managed,” Pivotal Research Group analyst Brian Wieser told USA TODAY.
Facebook’s popularity and profitability have deflected concerns in the past, but its track record over the past two years should concern investors, analysts are warning. On Tuesday, the company’s resilient stock (FB) was down for the second consecutive day since the breach was disclosed.
“The Facebook board has to get to the bottom of why these systemic problems keep happening. Is it Mark Zuckerberg’s responsibility? If so, he might not be the right person to be CEO of the company. Is it Sheryl Sandberg’s responsibility? In which case, she might not be the right person to be COO,” he said.
Facebook declined to comment.
Facebook’s latest bad news – the largest hack in its 14-year history – compromised the data of nearly 50 million accounts and exposed the data of 40 million more.
Details about the attack are still sparse. Facebook says it doesn’t yet know who was behind the attack and has released few details on who was affected or what data was stolen. Also unclear is whether the hackers used the access they gained to millions of Facebook accounts to get into the thousands of other services such as Tinder and Pinterest that take Facebook credentials.
As politicians and regulators demand investigations, analysts are sounding alarms.
“We see this recent security problem adding to already significant concerns about the company and its management,” CFRA analyst Scott Kessler wrote in a research note Monday.
So far the Facebook hack has not touched the same kind of nerve that this year’s disclosed leak of personal information to Donald Trump-connected political targeting firm Cambridge Analytica did, but that could change. Facebook revealed the latest data breach late on a Friday as the nation was transfixed by Supreme Court nominee Brett Kavanaugh’s contentious Senate confirmation hearing.
The main question facing regulators: Did Facebook do enough to safeguard its more than 2 billion users’ data before the hack? Zuckerberg, whose personal account was also breached, said last week that Facebook is boosting spending on security staff and technology, areas it already invested heavily in.
The company raised eyebrows in September when security chief Alex Stamos resigned to join Stanford University as an adjunct professor after reports he disagreed with Facebook management over its handling of Russian manipulation on the platform. Facebook assigned his responsibilities to others and reorganized his team, putting security staffers directly in product and engineering teams to respond more quickly to crises but said it would not appoint a replacement.
“The reality here is we face constant attacks from people who want to take over accounts or steal information. I’m glad we identified this one, fixed the vulnerability and secured the accounts that may be at risk. But we need to do more to prevent this from happening in the first place,” Zuckerberg told reporters Friday.
A Facebook executive said Monday the data breach was the result of a “sophisticated attack.” Speaking on an Advertising Week panel, the company’s global head of marketing, Carolyn Everson, said Facebook could detect the hackers “only when they made a certain move.”
Facebook warned some business customers Tuesday that their internal data might be in jeopardy, too, if they began using Workplace – a version of Facebook targeted just at companies – before June 2016 and linked the account to their personal Facebook account. Facebook says only a small percentage of accounts are still linked.
Europe could fine Facebook $1.63 billion
Ireland’s Data Protection Commission, the lead privacy regulator of Facebook in Europe, is expected to open a formal investigation later this week. It was told Monday by Facebook that the number of potentially affected accounts in the European Union is less than 10 percent of the 50 million. It’s not clear how many of the rest are Americans. In a tweet, Facebook said Monday it’s working to confirm the “the location of those potentially affected” and plans to release more information soon.
Facebook was forced to disclose the attack much faster and more publicly to comply with strict new privacy rules in the European Union, which require notification within 72 hours. The breach could result in a $1.63 billion fine – 4 percent of its global annual revenue in 2017 – if European regulators find the company violated those rules.
Distrust of Facebook’s handling of the private information of its users dates nearly to the formation of the company in a Harvard dorm room in 2004 but has grown in Europe and the U.S. as problems keep piling up.
Zuckerberg faced tough questions on Capitol Hill about his company’s business and privacy practices in the spring and, last month, Facebook’s chief operating officer Sandberg was summoned, too. The European Commission, the executive arm of the 28-member bloc, recently demanded that Facebook explain to consumers how their data is being used or face sanctions in several countries.
The data breach affecting tens of millions of Facebook users comes at a sensitive time for the company. The Federal Trade Commission and other agencies are already investigating Facebook over Cambridge Analytica improperly accessing the personal information of 87 million users without their consent. And public sentiment has been soured by the steady drumbeat of controversies including revelations about Facebook’s role in spreading Russian propaganda during and after the 2016 presidential election.
“This really isn’t going to help Facebook’s image. It’s going to make its users even more nervous about their privacy than they already are,” eMarketer analyst Debra Aho Williamson said. “They are worried about how their data is being used by Facebook, and with this news, they also need to worry about whether their data is being used by hackers.”
Last week, Facebook was caught using phone numbers provided for security purposes to target Facebook users with ads. At a time when the company is under fire for alleged political bias, its public policy chief was seated just behind Kavanaugh during Friday’s Senate confirmation hearing. Facebook says he was there in a personal capacity, not representing the company.
Read or Share this story: https://www.usatoday.com/story/tech/news/2018/10/02/mark-zuckerberg-and-facebook-team-take-heat-massive-data-breach/1490895002/