Facebook’s security breach
Facebook (FB) experienced its worst-ever security breach in September, when hackers attacked nearly 50 million users’ accounts, of which ~10% were European. It was disclosed that the attackers combined three bugs and stole users’ access tokens.
Earlier, it was feared that the attackers might have misused users’ tokens to access Facebook, Instagram, Oculus, and other websites and apps. However, as reported by Reuters on October 3, it appears the hackers did not access third-party sites.
Penalties imposed for security breach
Facebook learned of the security breach on the afternoon of September 25 and alerted regulators and the public within 72 hours, on the morning of September 28. Disclosing security breaches within 72 hours is essential for companies to avoid steep penalties imposed by European Union laws.
In May, the European Union implemented the GDPR (General Data Protection Regulation) to give users control over their online data usage. The law can mean heavy fines for companies that mishandle users’ data and have improper security practices. In July, Google-parent Alphabet (GOOGL) was fined $5 billion under the GDPR for competition abuses associated with its Android phone software.
Facebook’s sluggish user growth
Facebook’s security breach has raised concerns for Facebook investors and users, who may not yet have come to terms with the Cambridge Analytica scandal. The growing data privacy concerns and the GDPR have led to sluggish user growth in the second quarter of 2018. Facebook’s DAU (daily active user) count of 1.47 billion missed analysts’ expectations in Q2 2018, and also grew at a slower rate sequentially.
In the second quarter, FB rival Twitter (TWTR) lost ~1.0 million monthly users sequentially, ending the quarter with 335 million monthly users. Snap (SNAP) reported a sequential decline of 3 million in its user base in the second quarter, ending with a DAU count of 188 million.