By Corey Moss
Yesterday morning, I was met with the following Twitter response to a post from the day before:
Now indeed an enterprise business’ loss and limitation of communications capabilities over such a period of time could be damaging in certain ways. Comparing it to a breach may be talking apples and oranges in a sense – however in this instance I’ll compare two tech giants in terms of effect on the customer, along with trust and their own damage control.
I’ll say this for Cisco – I don’t believe that this will have a lasting effect at all, it may be more incentive for the company to up their game in ways they hadn’t yet considered to keep their customers satisfied. This, along with strengthening their overall engineering and response to make sure such a thing never happens again, something which CEO Chuck Robbins has stated in terms of the outage.
As for Facebook – this may just be the damage that the company could find to be a large irremovable nail in the coffin.
On November 28th the New York Times Facebook Security Breach Exposes Accounts of 50 Million Users opened with the following:
Facebook, already facing scrutiny over how it handles the private information of its users, said on Friday that an attack on its computer network had exposed the personal information of nearly 50 million users.
The breach, which was discovered this week, was the largest in the company’s 14-year history. The attackers exploited a feature in Facebook’s code to gain access to user accounts and potentially take control of them.
No credit card information or passwords were stolen. however if a picture was worth 1000 words…
Mark Zuckerberg truly is always front and center no matter the incident, good or bad – and that is of course a good thing. However, all that has gone on lately for him and the social media tech giant company could potentially be leading to the last straw.
People have of course known this face for a very long time…
These days – not so much.
Zuckerberg, the coder in the title, has been in hot water ever since being grilled before a U.S. Congress Committee concerning data privacy – the Cambridge Analytica data scandal.
In Mashable Mark Zuckerberg sets apologetic but determined tone at Facebook F8, Zuckerberg, in his keynote speech at the annual developer conference Facebook F8, addressed what Facebook planned to do to rebuild user trust that was damaged by the Cambridge Analytica scandal. It was also the first admittance by Zuckerberg that Facebook users did not have the control they should over the data Facebook collects on them — this being in a crucial moment for an enterprise company CEO, to deliver what would be considered one of the most important speeches of the year in front some of the most important people to Facebook.
What made this an even bigger admission, is the fact that it was something that Zuckerberg stopped short of admitting in his testimony in front of Congress, a hearing titled Facebook: Transparency and Use of Consumer Data.
The Facebook user trust factor, deeply affected.
Zuckerberg admitted in 2016, while visiting in Nigeria, that he missed his coding days – and I’m sure he also thought about it while facing the music in front of Congress. During his hours of testimony, the billionaire CEO said he was “sorry” about the scandal, in which the private information of more than 87 million people was collected illegally.
Though he did crack a bit sarcastic at times, it looks like that sarcasm is coming back to bite him — and so much for data oversight and privacy, that he and other industry CEO’s had continued to tout as highly important above all.
The security breach
A security update was posted on Facebook on September 28th:
By Guy Rosen, VP of Product Management
On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.
Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As” a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.
Read more here.
It was reported that Rosen, on Friday, declined to say whether the attack could have been coordinated by hackers supported by a nation-state. It was determined that three software flaws in Facebook’s systems allowed hackers to break into user accounts (according to people familiar with the investigation, but not allowed to discuss it publicly). Once in, the attackers could have gained access to apps like Spotify, Instagram and hundreds of others that give users a way to log into their systems through Facebook.
Software bugs, particularly awkward for a company that takes pride in its engineering, helmed by a former coder (engineers are considered the highest level experts, while the coder is tasked with writing straightforward pieces of code – they’re also known as “Junior Programmer”*). The first two bugs were introduced by an online tool meant to improve the privacy of users. The third was introduced in July 2017 by a tool meant to easily upload birthday videos.
A birthday video bug?? Good thing I don’t upload birthday videos to Facebook…
Now, as for the breach itself and the damaging effect potential for Facebook’s users – it could be a big international blow for the company as well.
According to the Wall Street Journal, Ireland’s Data Protection Commission, Facebook’s lead regulator in Europe, in step with a strict new regulation that went into force in May, said on Saturday that it demanded more information about the nature and scope of the hack which may have violated the EU’s new privacy law called the General Data Protection Regulation. Under the law, companies that don’t sufficiently protect user data face maximum fines of $23 million, or 4% of the company’s global annual revenue from the prior year, depending on which sum is larger. **
Two of the top victims of the security breach? They would be Zuckerberg himself, and COO Sheryl Sandberg – confirmed by a company spokesperson.
And looking beyond a top social media platform, data, control, privacy and a damaging code exploit breach – could Mark Zuckerberg be considered the most dangerous man on the planet?
Formulate your own opinion – along with the consideration of leaving Facebook…
Note: header image: Creative Commons Attribution License – blogtrepreneur.com/tech.
Other images: Mark Zuckerberg headshot – pngimg.com, security shield – Facebook Security Update (notated here).
With over 20 years in audio visual integration and IT/computer sales and consulting, Corey Moss is the owner of Convergent AV. Corey writes for the publication and hosts/produces podcasts – The AV Life, The Collaboration Factor and Convergent Tech Talk. He has written for numerous industry publications about AV, IT, unified communications and collaboration (UCC), cloud and software, IoT, cybersecurity and more. He has also conducted interviews with AV and IT executives and global influencers. Find him talking about a whole lot of things, tech and otherwise. On LinkedIn https://www.linkedin.com/in/mosscorey/.