The social network has become too social.
Facebook announced Sept. 28 that hackers compromised 50 million accounts, a move that will almost assuredly play into a storm of proposals from Congress to regulate the social media giant.
In a statement, the company said that “attackers exploited a vulnerability in Facebook’s code” which allowed them to swipe the “digital keys that keep people logged in.”
In a conference call with reporters Sept. 28, Facebook leaders said they notified as many as 90 million users about the incident. A spokesperson for the company said Facebook first noticed the breach in mid-September and saw “sophisticated adversaries” launch an attack Sept. 25.
The event marks one of the largest breaches in the company’s history. An investigation is in its early stages.
Users were automatically logged out of their accounts starting Thursday night, which allowed the company to reset the compromised profiles. Facebook’s preliminary investigation found victims were not confined to one geographic location.
It is not clear who the attackers are.
Nearly immediately after news of the breach broke, at least two legislators, Sens. Mark Warner, D-Va. and Ed Markey, D-Mass., called for an immediate investigation.
Federal Trade Commissioner Rohit Chopra’s demand was similarly straightforward; “I want answers.”
In a Facebook post, U.S. Army Operations Security warned its followers about the hacking of Facebook accounts.
“It is a reminder at just how complex our digital environment is,” April Doss, an attorney at Saul Ewing Arnstein & Lehr and former associate general counsel at the NSA told Fifth Domain. “There will be more and more investigations and calls for regulation both within the U.S. and overseas.”
Doss said regulations should focus on outcomes or process. “It would not make sense to require a particular type of encryption or something else that is obsolete or even counterproductive in six months.”
Instead, Doss said regulators should consider providing incentives for large social media companies, such as not requiring the companies to let users know they have been breached if their data is already encrypted.
But the hack comes at a tumultuous time. Facebook’s stock price has dropped 16 percent in three months.
Facebook has acknowledged to being a vehicle for Russian and Iranian disinformation have targeted the American electoral process. The social media platform has been an outlet for individuals to spread hate speech in countries accused of ethnic cleansing, like Myanmar and South Sudan.
Some lawmakers have suggested regulating the social media giant to give consumers better protection over their own data.
“This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users. As I’ve said before — the era of the Wild West in social media is over,” Warner said in a statement.
In a white paper released this summer, Warner argued that Facebook and other social media companies should hire public interest researchers who can audit data for security reasons. He also suggested that data collection should require users consent.
Users should be offered remedies when a breach occurs, Sens. Amy Klobuchar, D-Minn., and John Kennedy, R-La., proposed in an April bill.