Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Facebook Owner Hit With 251 Million Euros in Fines for 2018 Data Breach

EU privacy watchdogs hit Facebook owner Meta with fines totaling 251 million euros after an investigation into a 2018 data breach that exposed millions of accounts.

European Union privacy watchdogs hit Facebook owner Meta with fines totaling 251 million euros on Monday after an investigation into a 2018 data breach on the social media platform that exposed millions of accounts.

Ireland’s Data Protection Commission issued the penalties after wrapping up its inquiry into the breach, when hackers gained access to user accounts by exploiting bugs in the platform’s code that allowed them to steal digital keys, known as “access tokens.”

Under the 27-nation EU’s strict privacy regime, the Irish watchdog is Meta’s lead privacy regulator because the company’s regional headquarters are based in Dublin.

The watchdog issued reprimands and “administrative penalties” worth 251 million euros ($264 million) after it found multiple infringements of the rules, known as the General Data Protection Regulation.

The company said it would appeal the decision.

“This decision relates to an incident from 2018. We took immediate action to fix the problem as soon as it was identified,” Meta said in a statement. The company said it “proactively informed people impacted” as well as the Irish watchdog.

When it first disclosed the problem, Facebook said 50 million user accounts were affected. But the actual number was around 29 million, including 3 million in Europe, the Irish watchdog said Tuesday.

The company has said that after discovering the bug, it alerted the FBI and regulators in the U.S. and Europe.

Advertisement. Scroll to continue reading.

The hack involved three distinct bugs in Facebook’s “View As” feature, which let people see how their profiles appear to others. The attackers used the vulnerability to steal access tokens from the accounts of people whose profiles came up in searches using the “View As” feature. The attack then moved from one user’s Facebook friend to another. Possession of those tokens would allow attackers to control those accounts.

Written By

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

MorganFranklin Cyber has appointed Keith Hollender as CEO and member of the Board of Directors.

Lisa Banks has been named Chief Financial Officer at Abnormal Security.

Threat detection and response company Trellix has appointed Vishal Rao as its new CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.