The Korea Communications Commission said Monday that it had requested Facebook to provide comprehensive information on the latest hacking attack’s motives and its potential impact on Korean users.
“If found to have compromised the personal data of Korean users, Facebook will face penalties in accordance with the Act on Promotion of Information and Communications Network Utilization and Information Protection,” the KCC said in a statement.
|Facebook CEO Mark Zuckerberg (AP-Yonhap)|
The move came days after the social network operator disclosed the discovery of a security issue that had affected nearly 50 million user accounts.
According to Facebook, hackers exploited a vulnerability in Facebook’s code that impacted the “View As” feature that lets people see what their own profile looks like to someone else.
It allowed them to steal Facebook access tokens -- digital keys that keep people logged into Facebook so they don’t need to re-enter their password every time they use the app -- which could then be used to take over people’s accounts.
The social network said it has fixed the vulnerability and reset the access tokens of the nearly 50 million accounts affected, by logging users out of their accounts.
As part of strengthened security measures, the social network has also reset access tokens for another 40 million accounts that have been subject to a “View As” lookup in the last year. This means around 90 million users have been logged out of Facebook and apps that use Facebook’s Login feature.
At the moment, there is no need for users to change their passwords, but those who want to take the further precautionary action of logging out of Facebook should visit the Security and Login section under settings to sign out from the social network, according to the company.
Facebook has yet to determine who perpetrated the hacking attack as well as how and for what purposes the stolen data were wrongly used. But depending on the outcome of the investigation, the consequences could greatly differ for the social network.
Facebook Korea said it has been keeping local authorities updated on the matter, and will continue to provide updates.
The latest data breach comes just months after Facebook’s recovery from another privacy crisis in March involving Cambridge Analytica, a political consultancy working for the Donald Trump administration.
Cambridge Analytica was found to have harvested the profiles of some 50 million Facebook users without their permission, for the purpose of voter profiling. The incident drew public outcry over Facebook’s apparent failure to properly guard its user data, and took a toll on its reputation.
By Sohn Ji-young (firstname.lastname@example.org)