Facebook, which is already facing heavy scrutiny over the way it handles its users’ private data, said Friday that its computer network had been hit by a cyberattack that resulted in exposing personal information for close to 50 million users.
The security breach, which this week was discovered, was the largest in the 14-year history of the company. The FB attackers exploited one of the features in a code of Facebook to gain access to the accounts and potentially take over control of them.
This news could not have arrived at a worse time for the social media giant. It was criticized harshly over the past year by scandal, from revelations that an analytics firm in Britain gained access to private data of more than 87 million users to worries over the disinformation placed on Facebook that affected the November 2016 elections.
Senior Facebook executives testified on several occasions in 2018 at congressional hearings where some Capitol Hill lawmakers had suggested that the government needed to step in if the social media industry was not able to gain tighter control of its overall services.
Lawmakers and regulators on Friday quickly seized on the new breach to renew calls for additional oversight.
Facebook’s VP of product management Guy Rosen did not say whether the attack may have been coordinated with the support of a nation-state.
Three flaws in software in the Facebook system allowed the hackers to breach user accounts, including those to the highest executives Mark Zuckerberg and Sheryl Sandberg, said two people who are familiar with the ongoing investigation, but requested anonymity.
Facebook said the vulnerabilities had been fixed and it notified officials in law enforcement. Officials with the company do know the origin or the identity of the hackers nor do they have a full assessment of the scope of this attack or if it was targeted at particular users.
Critics were quick to say the attack was just another sign that Facebook still cannot come to terms with problems it has.
Facebook has received much criticism for not acknowledging in a quicker manner the huge disinformation campaign carried out by Russian operatives on the platform and on other outlets of social media prior to the presidential election of 2016.