In a significant move, the European Union’s privacy watchdogs have fined Meta, the parent company of Facebook, a whopping 251 million euros (approximately $264 million). This penalty follows an extensive investigation into a data breach that occurred in 2018, which exposed millions of user accounts on the social media platform.
The breach happened when hackers exploited bugs in Facebook’s code, particularly in the “View As” feature, which allowed users to see how their profiles appeared to others. This vulnerability allowed the attackers to steal access tokens, which are digital keys that let users stay logged into their accounts. With access to these tokens, the hackers were able to take control of user accounts.
The investigation was led by the Irish Data Protection Commission, which is Meta’s lead privacy regulator because the company’s regional headquarters is in Dublin, Ireland. The watchdog found multiple violations of the EU’s strict General Data Protection Regulation (GDPR) and issued reprimands along with “administrative penalties” amounting to 251 million euros.
Meta has said that it will appeal the fine. In a statement, the company acknowledged the breach and emphasized that the issue was addressed as soon as it was discovered. “We took immediate action to fix the problem as soon as it was identified,” Meta said, adding that it had proactively informed both the impacted individuals and the Irish watchdog. However, the company maintained that the breach, which initially affected 50 million accounts, actually impacted around 29 million users, including 3 million in Europe.
The hack was traced back to three distinct bugs in the “View As” feature, which allowed users to see how others viewed their profiles. The attackers used this vulnerability to steal access tokens from accounts of individuals whose profiles appeared in search results. The breach spread from one account to another, affecting millions of users.
In response to the breach, Meta alerted the FBI and regulators in both the United States and Europe. The fine from the Irish Data Protection Commission is one of the largest in a series of penalties against the company related to privacy violations, and it underscores the growing scrutiny Meta is facing for its handling of user data under the GDPR.