Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Irish Data Authority Probes Facebook Photo Breach

The Irish data watchdog on Friday launched an investigation into Facebook, after the social media titan admitted a “bug” may have exposed unposted photos from up to 6.8 million users.

The Irish data watchdog on Friday launched an investigation into Facebook, after the social media titan admitted a “bug” may have exposed unposted photos from up to 6.8 million users.

The Irish Data Protection Commission (DPC) probe will take place under strict new European privacy laws outlined in the General Data Protection Regulation (GDPR).

It follows a similar probe launched in October — when Facebook admitted a security breach exposed 50 million user accounts.

“The Irish DPC has received a number of breach notifications from Facebook since the introduction of the GDPR on May 25, 2018,” said head of communications Graham Doyle.

“With reference to these data breaches, including the breach in question, we have this week commenced a statutory inquiry examining Facebook’s compliance with the relevant provisions of the GDPR.”

The Irish DPC has primary European jurisdiction over Facebook as the California-based firm has established its international headquarters in Dublin.

GDPR legislation gives regulators vast powers to sanction firms failing to sufficiently secure personal data.

Corporations can be fined up to four percent of their annual global turnover if they neglect to conform.

That means Facebook faces a theoretical fine of 1.4 billion euros ($1.6 billion), based on its 2017 annual revenue of 35.2 billion euros ($40.6 billion).

On Friday Facebook said using the social media login and granting permission to third-party applications to access photos may have led to the unintended breach between September 13 and 25.

“When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline,” engineering director Tomer Bar announced in a message to developers.

“In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories.”

The earlier October DPC investigation was launched after Facebook admitted attackers exploited a vulnerability in the website’s code in a manner which could have granted access to private accounts.

That probe has been touted as the first major test of GDPR legislation.

Facebook is already under scrutiny as a result of its role in the Cambridge Analytica (CA) data scandal.

Following revelations from a whistleblower it was revealed that tens of millions of users had their personal data hijacked by CA, a political firm working for Donald Trump in 2016.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.