As we previously noted, Facebook originally announced a breach late last month, where hackers took advantage of a code vulnerability in the website’s “View As” feature, to access user’s data. However, on October 12, 2018, Facebook stepped back the number of affected accounts from fifty to roughly thirty million, and it acknowledged that hackers were able to view varying levels of information for different accounts. 

For about fourteen million of the users, hackers were able to view a user’s fifteen most recent Facebook searches, the last ten places that he or she was checked into or tagged at, phone number, email address, hometown, birthdate, relationship status, religion, and what pages on Facebook they were following. For another fifteen million users, the hackers were able to view the user’s name, phone number and email address, while about one million users were affected, but without any personal data made available. However, Facebook stated that the hackers did not gain access to account passwords or credit card information

While the update from Facebook acknowledged that millions less than originally thought were affected, it confirmed that various data points were taken by the hackers. Facebook advised that the FBI is currently investigating the matter. Further, regulators will now be left with how to address the breach and Facebook. It will be interesting to see how this matter unfolds, and what steps, if any, are taken by domestic or foreign administrative bodies.

Particularly, with Europe’s General Data Protection Regulation (GDPR) now in play, regulators in Europe will have significant sanctions at their disposal, including a fine of up to four percent of Facebook’s annual global revenue—if it is found to have breached GDPR. Given that Facebook made roughly $40.65 billion in revenue last year, a GDPR fine could total around $1.63 billion. We’ll be sure to look out for future developments on this matter.

[View source.]