THE CYBERSECURITY 202: FACEBOOK HACK COMPOUNDS THE COMPANY’S WOES IN WASHINGTON

Facebook’s problems in Washington just got worse. 

The social media giant announced on Friday that hackers stole information that could have allowed them to take over 50 million user accounts. The unidentified attackers were able to gain access to a range of profile information, including usernames, hometowns and genders, as my colleague Brian Fung reported.

The company has already spent the better part of a year struggling to convince Congress that it can be trusted to safeguard the personal information of its 2.2 billion users. Now lawmakers will have yet another opportunity to hold Facebook’s feet to the fire — and could hasten efforts to rein in the way the company stores and shares data.

Just hours after Facebook’s announcement Friday, Sen. Mark R. Warner (Va.), the Intelligence Committee’s top Democrat, called for a “full investigation” into the hack to “understand more about what happened.” “This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users. The era of the Wild West in social media is over,” he said. 

Facebook has its hands full already. The company is under pressure to prevent a repeat of the 2016 election, in which Russian operatives used the platform to carry out a sweeping political disinformation campaign to help elect President Trump. Congress is also probing Facebook’s role in the Cambridge Analytica scandal, in which Facebook shared information on 87 million users with the Trump campaign-linked political consultancy in the run-up to the 2016 election. In hours-long hearings, lawmakers have grilled Facebook chief executive Mark Zuckerberg and other senior leaders about the company’s privacy practices.

The hack only adds fuel to the calls of lawmakers who want legislation to ensure users get the right protections. Congress has started mulling whether to pass comprehensive legislation to protect consumer privacy rights, as my colleague Cat Zakrzewski and I reported last week. And lawmakers have already floated bills that would force social media companies to be more transparent about their data collection practices and would require companies to notify users of breaches or privacy violations within 72 hours.

“Facebook has become a honey pot for malevolent lawbreakers who seek to undermine our society and democracy,” Sen. Richard Blumenthal (D-Conn.), who sits on the Senate Commerce and Judiciary Committees, said in a statement. “Congress should need no further notice to act.”

And it’s not just Congress that may want to demand answers about the hack. The FTC is already investigating whether Facebook’s relationship with Cambridge Analytica violated a 2011 settlement agreement, and the latest breach just keeps the company in the spotlight.

“These companies have a staggering amount of information about Americans. Breaches don’t just violate our privacy, they create enormous risks for our economy and national security,” FTC Commissioner Rohit Chopra told Gizmodo. “The cost of inaction is growing and we need answers.”

It’s unclear how long the hack will hold people’s attention, as TechCrunch editor Josh Constine notes. There’s no evidence at this point that the hack was carried out for political reasons. Nor is it clear what the attackers wanted to do with the information: Facebook says no credit card information was exposed, and there’s no evidence that attackers tried to access private messages or post fraudulent content. And so far, the company hasn’t determined who is responsible.

“If Facebook discovers the hack was perpetrated by a foreign government to interfere with elections, by criminals to bypass identity theft security checkpoints and steal people’s bank accounts or social media profiles, or to target individuals for physical harm, out will come the pitchforks and torches,” Constine wrote. But “for now, without a nefarious application of the breached data, this scandal could blend into the rest of Facebook’s troubles.”