FACEBOOK HACK: 50 million people’s accounts exposed by major mistake in social network’s code
Facebook, Inc. is an American social networking company. It connects people all over the world, making the Earth a global village. Facebook has over 2 billion daily active users and is one of the most visited sites.
Facebook collects and stores data on each user. It is facing action from legal systems for selling users’ data for political purposes, and in a more recent development Facebook was hacked; it is estimated that more than 50 million accounts have been affected. The early stages of the investigation revealed that the attacker exploited the “view as” feature, which lets people see what their own profile looks like to someone else. A vulnerability in the code for the “view as” tool led to the security lapse.
On September 16, 2018, Facebook detected a spike in traffic, which indicated that something was wrong, but the company officially detected the hack on September 25, 2018. The company’s developers fixed the code on September 27, 2018, and the hack was announced on September 28, 2018. The flaw was introduced into the code in July 2017, when Facebook released an update to video uploading. The flaw went undetected after this update, and the hackers took advantage of it to steal users’ data.
After detecting the attack and its cause, Facebook rectified the flaw. The data breach case is now being handled by the Federal Bureau of Investigation, and Facebook is giving it full support in identifying the hackers. To this day, it has been found that users’ personal data was taken, but no information on the identity of the hackers has been found. Facebook has reset the access tokens of more than 90 million accounts which are prone to attack. These users have been logged out of all the devices they were signed in on, and they have to log in again, which produces new access tokens. Facebook also stated that there is no need for users to change their passwords. Facebook has also set up a helpline for all affected users, has notified them about the incident, and is helping them recover their accounts if they have any trouble logging in to Facebook.
2. Literature Review
On September 28th, 2018, Facebook, Inc. updated the security information on its official Facebook Newsroom website about the cyber-attack against it. The firm disclosed that:
- The attacker exploited a vulnerability in Facebook’s code that impacted the “view as” feature, which allowed them to obtain access tokens and take control of users’ accounts.
- The impact of this attack is estimated at 50 million users.
- User information such as name, contact information (phone number and email address), gender, language, relationship status, religion, birthday and many other personal details was accessed.
Authorities have detected the flaw in the code and rectified the mistakes. Currently the “view as” feature has been disabled to ensure security.
The attack on Facebook is being probed by the Federal Bureau of Investigation (FBI), and no details of the attackers have been disclosed.
3. Liffick’s Analysis
- Participants in the Facebook, Inc. data breach:
- Facebook, which had its servers accessed by unauthorised users.
- The hackers. Facebook and the FBI are investigating the case, and the hackers are yet to be identified.
- The Facebook users who were affected by this data breach.
- Other apps and websites which use Facebook for login.
- The FBI, which is also investigating the incident.
- The news agencies and media, which were responsible for covering and reporting this issue.
- Reducing list of participants through simplifying assumptions:
Participants who do not have a direct effect on the case, or who have minimal ethical influence, can be listed here. These participants may have played a part in the data breach case, but their actions can be neglected, since they will not in any way affect the inference derived.
The FBI can be removed from the list, as this case does not have a direct impact on it; it is only trying to find the culprits involved in this data breach. Even though the FBI has started its investigation, this will not have a serious impact on the issue, and it is the duty of the FBI to conduct investigations into these types of issues.
The news agencies that brought news of the massive cyber-attack to the public can be ignored, since it is the duty of news agencies to inform the public. Their actions may have harmed the reputation of the organization, but it can be inferred that they acted ethically, performing their duty to the best of their ability. Hence the media can be removed from our list of participants.
- Legal Considerations:
The Facebook data breach is a clearly unethical case of stealing data through unauthorized access to the organization’s servers. The culprits have not been identified, so once they are caught a case will be filed against them on counts of cybercrime. Since this is a very serious issue, both the hackers and Facebook might come under scrutiny. Facebook, too, was negligent with its code, which caused the data breach.
- Options for the participants:
According to Facebook, a September 16 spike in traffic signalled that something was wrong, but the company officially discovered the hack Tuesday, September 25. The company developers fixed the code the night of September 27. The hack was announced September 28. The vulnerability was introduced into the code during the summer of 2017. “This attack exploited the complex interaction of multiple issues in our code,” Rosen wrote. “It stemmed from a change we made to our video uploading feature in July 2017.” Facebook did not say if this is when hackers began taking advantage of the security lapse, reports the ringer.com.
From the above passage it is clear that there was a glitch in the code for more than a year. Facebook should have detected this early and stopped the data breach. As one of the leading technology companies, Facebook should be able to detect flaws in its code and act accordingly.
The word ‘hacker’ implies malicious intentions, and hence we cannot expect them to be ethical. The better approach for them would have been to approach Facebook, demonstrate the flaws in its code and make it realize its mistake. By doing this they would not only have obeyed the law but also helped Facebook realize its mistake.
The Facebook users:
Since the data breach is not under the users’ control, they can protect themselves by logging out of all the devices they previously logged in on. By doing this, all the old access tokens that the hackers obtained will expire, and when the users log in again, new access tokens will be generated which the hackers have not accessed.
Facebook fixed the issue within a week of detecting the vulnerability. It has reset the access tokens of the affected accounts in order to secure them; because of this, all the affected users must log back in to their accounts. Facebook has also temporarily turned off the “view as” button. The Facebook help centre is also assisting users in recovering from this issue. Facebook has also assured its users that it will give more importance to security in the coming days.
- Key Statements:
 “People’s privacy and security is incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened. There’s no need for anyone to change their passwords.” Security update by Guy Rosen, VP of Product Management, Facebook.
“Security is an arms race, and we’re continuing to improve our defences. This just underscores there are constant attacks from people who are trying to underscore accounts in our community. While I’m glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place.” From Mark Zuckerberg, CEO, Facebook.
- List of questions raised:
- What caused the delay of more than a year in identifying the flaw in the code which led to data breach?
- Was there any insider threat, given that breaching the data of a robust technical organization like Facebook is not as easy as it looks?
- Will there be any effect of this Data breach for the users of Facebook in the future?
- Will the additional expenses on IT security as promised by the organization guarantee that there are no such data breaches in the future?
- Was Facebook ethical in instructing its users not to change their passwords after the attack?
- Analogies Employed:
Recently, in March 2018, Google Plus, a social media network by Google, was shut down after the company suffered a massive data breach that exposed the private data of more than 500,000 users to third-party developers. A security vulnerability in one of the Google+ APIs allowed third-party developers to access data such as usernames, email addresses, occupation, date of birth and gender-related information.
- Code of Ethics applied:
1.1 Contribute to society and human well-being.
1.2 Avoid harm to others.
1.3 Be honest and trustworthy.
1.4 Honour property rights including copyrights and patent.
2.1 Strive to achieve the highest quality, effectiveness and dignity in both the process and products of professional work.
2.5 Give comprehensive and thorough evaluation of computer systems and their impacts, including analysis of possible risks.
4. Alternative proposals:
Pessimistic: A full-scale pessimistic approach to the data breach case would be to apologise to the users, as they share their information on the social media platform because they trust it. Apart from this, Facebook must provide a free helpline to all users facing issues with this particular incident and try to solve them with the utmost priority.
Optimistic: To gain the trust of existing users and to attract new customers, IT security should be enhanced. A new framework should be provided in which multiple layers of authentication are implemented for login.
Compromising: A compromise solution, which Facebook has to an extent provided, is to reinforce the IT security workforce. More emphasis should be given to testing the code so that new features, when added, do not affect the security of the platform. The integration of new features should be carried out with care.
5. Ethical Theory:
- Utilitarianism Ethics: This theory states that the action which maximises the number of beneficiaries is considered the best. It lays emphasis on a policy of no harm and the greatest good.
With regard to the breach of data at Facebook, the organization acted promptly by informing the authorities and users in accordance with the European data protection law (GDPR), thus helping them to beware of the malicious intentions of the hackers. The points stated above clearly show that the organization worked towards the betterment of the users, who form the majority here; hence Facebook acted in accordance with utilitarian theory.
- Kantian Ethics: Kant’s theory is an example of a deontological moral theory. According to these theories, the rightness or wrongness of actions does not depend on their consequences but on whether they fulfil a duty.
In this case, Facebook correctly approached the justice authorities and the FBI to help catch the hackers, and informed its customers about the data breach that had happened. In taking these steps, the organization did not concern itself with the loss of reputation or business that might follow from letting this information reach the public. Hence it can be concluded that it performed the duty of putting the customer first, which satisfies Kantian ethics.
Facebook did not play the victim card and kept its customers’ interests above all, which is in accordance with both of the theories mentioned above. Hence both ethical theories will be considered in drawing the conclusion.
The Facebook data breach case of 2018 was studied in the light of Utilitarianism Ethics and Kantian Ethics and was analysed using Liffick’s analysis. It can be said that the organization should be more proactive in detecting anomalies in its systems and should keep a check on insider threats as well. It can also be noted that Facebook kept the interests of its users above all. The users were informed about the data breach, and the authorities were duly informed about the cybercrime, which had affected about 50 million users. Facebook, Inc. applied corrective measures and worked for the good of its users, thus satisfying both the utilitarian and Kantian ethical principles; hence it is still a popular social media platform.
 ACM code of ethics and professional conduct http://www.acm.org/about-acm/acm-code-of-ethics-and-professional-conduct 16th Oct,1992
 Kantian Ethics http://www.csus.edu/indiv/g/gaskilld/ethics/kantian%20ethics.htm
 Utilitarianism https://en.wikipedia.org/wiki/Utilitarianism