Facebook announced this week that it had suffered its biggest hack ever compromising the accounts of at least 50 million users. Part of the reason a Facebook hack is so scary is that the social network connects to so many other apps and services. You might use it to log in to Spotify or Tinder or OpenTable — a whole string of apps might have your information connected to your profile. So far, Facebook has said hackers did not access any third-party apps. But it's still investigating the scope of the hack. We dig into this in Quality Assurance, the segment where we take a deeper look at a big tech story. Molly Wood talked with Mike Isaac, a tech reporter for The New York Times who's been covering the story. He said Facebook weaves a tangled online web. The following is an edited transcript of their conversation.
Mike Isaac: I think for, like, 10 years now, Mark Zuckerberg has been sort of positioning Facebook as an identity layer or a passport to the rest of the internet, and they've literally been sort of pitching "add Facebook" buttons to your website site, "add Facebook login" so it makes it much simpler for people to just get up and use your apps immediately. But with that sort of convenience trade-off comes a real security issue, which is when you have all that information and all that stuff in one place, hackers are going to go after that one centralized place that much more and really scrutinize Facebook's security all over the platform.
Molly Wood: Yeah. Security experts have been warning about this exact thing for a long time. This kind of universal login. On the plus side, is it surprising that it took Facebook this long to have a hacked this big?
Isaac: Yeah, totally. I mean, I think credit where due, Facebook as well as Google and some other tech companies out here probably have some of the best people in the entire world working on these systems. And to be fair, there are always going to be minor bugs and exploits that folks attack. But I think if there was one attack that was going to happen, this is probably the worst possible version of it for Facebook.
Wood: Yeah. Can Facebook at this point be trusted? Mark Zuckerberg sat there in front of Congress and said, "If you can't trust us to protect your data then you shouldn't use us." Like, is this the moment, is there ever going to be a moment where people go, "Oh, OK, you're right, I believe you, we should not use you, you are too big to be managed properly or to trust"?
Isaac: I think he was not expecting that a few weeks after he said that statement, he would have an enormous data breach where they can't be trusted to serve their users with their data. I am not convinced that they still deserve to serve their users, especially after the past two years of really damaging news from them. But it's still one of those convenience trade-offs, and I also don't think millions of people are going to just stop using them, at least overnight. So we're going to have to wait and see if people actually log back in or not.
Wood: What's the worst-case scenario, do you think, as Facebook continues to investigate this hack?
Isaac: Worst case in my opinion would be ... I am fascinated to know what, if any, information they got out of the top executive account. So Mark Zuckerberg and Sheryl Sandberg's Facebook accounts were both compromised in this hack, which means they could have skimmed through all their Facebook messages, they could have accessed other apps that they use. So it's really fascinating to see the levels of the company that were compromised here. So who knows what that did. Who knows if there are long-term traps being posed through new accounts they created with these Facebook profiles. It's really, it's something we won't see the effects of for months if not potentially years.
In case you missed it, here are some related links:
- I've been saying for a long time that a constant drip of negative news can eventually turn into a flood. Business Insider put up research Thursday saying only 28 percent of people who responded to its survey planned to keep using Facebook just like they were before the hack. Thirty-six percent said they would reduce their use or quit Facebook (I'll believe it when I see it!). About 30 percent said they'd tighten up their settings or delete some personal information. Not for nothing, 62 percent said they had no idea if they'd been hacked. I have to say, I'm one of those people. Should I be getting an email or something?
- And Digiday had a good story Wednesday about how ad buyers aren’t super sold on Facebook's big premium video outlet Facebook Watch. The company is creating original video series and has asked advertisers to commit to spending $750,000 over a three-month period. That number, according to the report, has dropped to more like $250,000 over three months (And apparently, advertisers aren't that impressed to find out that their ads could be running next to either CNN and National Geographic or the Cincinnati Zoo or a new Facebook Watch show called "Fear Pong." Drip, drip, drip?