Facebook today said the site was hit last week with a massive security breach, after hackers were reportedly able to gain access to accounts belonging to as many as 50 million of the site’s users.
The breach was discovered on Tuesday by the social media network’s engineering team. The company said that hackers had exploited a vulnerability in the site’s “view as” feature, a privacy control that allows users to see what their profile looks like to others. A reported bug in this feature allowed attackers to steal “access tokens” — or digital keys that allow people to stay logged in after multiple sessions — which the hackers then allegedly used to take over users’ accounts.
Facebook said it has since fixed the vulnerability. Anyone affected by the breach was logged out of the network on Friday morning and prompted to re-log-in for security purposes.
“People’s privacy and security is incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened,” Facebook said in a Friday statement on the newsroom portion of its site.
 |
The company also said that it doesn’t currently know the attackers’ identity or their country of origin. An internal investigation into the matter is still in its early stages, and Facebook hasn’t yet fully assessed the scope of the attack, when it happened or what information was accessed from users’ accounts. It has notified the FBI about the breach and, per Europe’s new GDPR regulations, has informed the Irish Data Protection Commission.
“This is a really serious security issue. And we’re taking it really seriously,” Facebook CEO Mark Zuckerberg said today in a conference call with reporters. “We have a major security effort at the company that hardens all of our surfaces, and investigates issues like this. In this case, I’m glad that we found this and that we were able to fix the vulnerability and secure the accounts. But it definitely is an issue that this happened in the first place.”
The breach is the latest development in what has become an ongoing security drama for the company, coming only months after it was discovered that Trump-linked data analysis and political consulting firm Cambridge Analytica illicitly harvested the data of an estimated 87 million Facebook users in order to pitch them political messages in the months leading up to the 2016 presidential election.
Prior to that, the site had been excoriated for allowing Russia-backed propaganda outfits to purchase political ads and circulate millions of items of misleading content over the site’s news feed.
For its part, however, Facebook’s PR response to this latest crisis appears to be far more bullish and transparent than its role in previous scandals. The site announced the hack on its own volition today, beating the press to the story. The company was also on the ball in fixing the technical aspects of a problem it had learned about only three days before, a far cry from how Facebook handled the Cambridge Analytica leak, which the company had allegedly known about since 2015 yet never shared with the public until the press broke the story in early 2018.
“Facebook has finally learned from its mistakes in crisis communications,” Curtis Sparrer, co-founder and principal of Bospar, told O’Dwyer’s. “Instead of waiting months or years to disclose bad news to the public like they did in the past, Facebook did the right thing and alerted us now. Our research shows that most Americans expect companies like Facebook to reveal such breaches in a week’s time and actually reward companies for being responsive and transparent. We hope to see this trend continue.”
There’s a fine line between newsjacking and taking advantage, aka ambulance chasing. Our job as PR professionals is to tread it carefully.
PR firms need to be mindful of ways their work product may be protected by the attorney-client privilege whenever working with a client’s internal legal team or its external legal counsel.
Manuel Rocha, former US ambassador and intenational business advisor to LLYC, plans to plead guilty to charges that he was a secret agent for Cuba.
CEO mentoring is an often-overlooked aspect of why CEOs are able to make good decisions, and sometimes make bad ones—all of which intersects with the role and duties of a board. 
How organizations can anticipate, prepare and respond to crises in an increasingly complex world where a convergent landscape of global challenges, threats and risks seem to arrive at an unrelenting pace.
Have a comment? Send it to 
No comments have been submitted for this story yet.