Following the latest data breach at Facebook Inc., the third such in just the last six months, should the company even be allowed to operate anymore? If that sounds preposterous, consider the sheer dimensions of what transpired.

For one, the sheer number of accounts that have been compromised is staggering. The company first claimed the number was 50 million but later added that possibly another 40 million could also have been impacted.

From past performance, we can safely assume that this number will go up majorly. Earlier this year, Facebook initially reported that the infamous Cambridge Analytica quiz app gathered data on some 50 million of its users. Within days, it had revised that number upward by 54% to 77 million. Eventually, the number of users affected was put at 87 million. Following that trajectory, it is possible that the number in the present case could well exceed 100 million.

What is worse is that third-party sites, those that were being accessed by users with their Facebook accounts, are also at risk. Thus, if someone accesses their Airbnb account using Facebook, all their transaction details, including what cards they use and where they’ve travelled over the last few years, stand exposed now.

The whole range of apps thus affected is still not clear, but count among those the most obvious ones like Instagram and Tinder and you get a sense of the gravity of this breach.

According to media reports, among those whose accounts were hacked were Facebook founder Mark Zuckerberg and chief operating officer Sheryl Sandberg. That could show how in Zuck’s world, everyone’s the same.

It also shows how little any user, no matter how well informed, could have done to prevent the breach.

Following the disclosure, Facebook said it had fixed the bug and reset the keys for all the accounts but that it did not yet know who was behind the attack or where it had come from.

It isn’t the first time Facebook’s own features have turned out to be its users’ worst enemies. In April this year, the company revealed that “malicious actors” took advantage of search tools on its platform to mine the identities of nearly all of its two billion users worldwide and collect information on them.

In the present case, the breach came from a feature where one user is deliberately allowed to impersonate another for a limited function. This impersonation ‘leaked’ into a wider functionality. In security matters, it shouldn’t be too difficult to immediately recognize that such a feature has great potential for any bug to turn out to be disastrous. Which also means the company should have refrained from introducing the feature. The problem of course is that Facebook has very little incentive to make the right choice.

When it comes to the features/engagement versus security/privacy trade-off, Facebook will always opt for the former. That’s because there is no real price it has to pay for such episodes, no matter how horrifying.

After the brouhaha over the Cambridge Analytica scandal died down, it has been business as usual for the company.

This time too, we know nothing will happen. Zuckerberg will get a few (more) pictures taken with his lips pursed and promise to do better. But with zero impact on the bottom line, no one at Menlo Park will really get hurt.

In the worst-case scenario, even if the company is found to have violated the European Union’s new General Data Protection Regulation by not taking appropriate steps to protect its users’ data as per the norms, it might have to pay a $1.63 billion fine. That’s not going to hurt a company sitting on a cash stockpile of $44 billion much, particularly since any such move could take months if not years of investigations.

Contrast this with the punishment handed out to Elon Musk by the Securities and Exchange Commission for that one tweet about going private. It was swift and scathing, the kind that actually changes behaviour.

One can only hope that episodes like Facebook’s move us closer to the day when people like Zuckerberg actually get some real skin in the game as far as protecting users’ privacy goes.

Sundeep Khanna is a consulting editor at Mint and oversees the newsroom’s corporate coverage. The Corporate Outsider looks at current issues and trends in the corporate sector every week.
