The social media giant disclosed late last month that “hundreds of millions” of user passwords had been stored insecurely and were potentially readable by company employees. The news has led industry observers to weigh in on what this latest compromise means for expectations around cybersecurity generally and the prospect of new legislation in particular.
Facebook’s confirmation of the security compromise, in a March 21 blog post, came after a report which estimated the number of affected users totaled between 200 million and 600 million. The passwords were reportedly stored in plain text.
Facebook said it found “no evidence to date that anyone internally abused or improperly accessed them” or that the passwords were visible to anyone outside of the company. Facebook added that it had “fixed” the problem and would notify impacted users “as a precaution.”
A muted public reaction to the latest disclosure suggests that Facebook may have trained users to accept a lack of cybersecurity, much as people became accustomed to giving up some of their privacy, according to Kalev Leetaru, a senior fellow at George Washington University, who wrote an article on the topic for Forbes.com. Leetaru contends that companies may come to view cybersecurity as an unnecessary expense. After all, he asked, why spend huge amounts protecting databases if there’s no penalty from users for exposing their data?
Public Knowledge, a nonprofit promoting freedom of expression, wrote in its blog that the most recent security compromise shows that Congress needs to enact a “comprehensive” new law with detailed requirements around data security and breach notifications. “Facebook’s response is all American consumers can expect in companies’ behavior: corporate reassurance that nothing went wrong, and a promise to do better in the future,” the nonprofit wrote.
Germany’s Justice Minister, Katarina Barley, blasted the password exposure for its “frightening unprofessionalism.” As Reuters reports, Barley said in a statement that “Facebook only takes responsibility when it’s forced to do so.”
The Financial Times notes what a tough March it has been for Facebook. The company’s app also suffered its largest-ever service outage. Meanwhile, reports surfaced that prosecutors in New York are investigating its data-sharing deals with other major tech groups.