Adam Bannister is a contributor to IFSEC Global, having been in the role of Editor from 2014 through to November 2019. Adam also had stints as a journalist at cybersecurity publication, The Daily Swig, and as Managing Editor at Dynamis Online Media Group.
October 1, 2018


WATCH: Breach of 50 million Facebook accounts could lead to GDPR fine of up to £1.25tn

Ireland’s Data Protection Commission has asked for an explanation of the scale and nature of the breach, revealed by Facebook on Friday, that left around 50 million user accounts compromised.

Ilia Kolochenko, CEO and founder of web security company High-Tech Bridge, had this to say on the breach: “Despite a tremendous number of potential victims, I would refrain from panic and unripe conclusions. It is still largely unclear how many accounts were actually compromised, and how many of them were subsequently used for malicious activities or theft of personal data.

“Facebook’s reaction to the incident is straightforward and professional, serving as a good example of transparency, care and honesty. One may, however, enquire why the unusual spike of traffic was detected only after 50 million accounts were already affected. Such a wealthy company as Facebook could potentially afford to have a faster reaction.

“From a legal point of view, this incident may become a notorious milestone of GDPR enforcement by the EU regulators. A multi-million fine is not that impossible under the integrity of circumstances.

“As for the US, a class action and individual lawsuits can cause a lot of trouble for Facebook, potentially with even higher penalties or settlements, exacerbated by legal costs and a jeopardised public image. In both cases, however, victims are unlikely to get any considerable compensation unless they can prove their damages with reasonable certainty, or try to invoke punitive damages, but this is highly unlikely.

“This incident may also collaterally affect the bug bounty industry. While the majority of submissions are usually represented by relatively trivial XSS and CSRF vulnerabilities, some experts reasonably question the economic practicality of crowd-sourced security testing.

“Facebook’s bounty programme stands out among other programmes thanks to its global prestige and remarkably high financial rewards. Nonetheless, it has apparently failed to address these flaws for over a year. This incident clearly emphasises that a bug bounty is no silver bullet.

“A holistic, adaptive and multi-layered approach to cybersecurity, well pictured by Gartner’s CARTA, remains vital today. Using Facebook as a scapegoat will probably not cause any negative reaction in our society but will conversely ‘punish the villain’ and serve as a deterrent example to other Internet giants. This is our unhappy reality.”