Facebook’s parent company, Meta, has been fined €251 million (approximately $264 million) by the European Union (EU) following an investigation into a 2018 data breach that exposed millions of user accounts.
On Tuesday, the EU’s data protection watchdog confirmed the fine, imposed after an inquiry led by the Irish Data Protection Commission. The breach occurred when hackers exploited a vulnerability in Facebook’s code to access user accounts and steal digital keys known as “access tokens.” These tokens allowed unauthorized access to the affected accounts.
The Irish authority, which oversees Meta under the EU’s data privacy framework for 27 member states, concluded the investigation before issuing the penalty.
Initially, Facebook reported that 50 million user accounts had been compromised. However, the Irish Data Protection Commission later revealed that the actual number was closer to 29 million, including 3 million European users.
The breach stemmed from three bugs in Facebook’s “View As” feature, which lets users preview how their profiles appear to others. Hackers exploited this feature to steal access tokens, allowing them to control user accounts. The attack spread from one user’s Facebook friends to others, amplifying its reach.
Meta stated that it promptly notified the FBI and regulatory authorities in the U.S. and Europe upon discovering the issue. The company has also announced its intention to appeal the fine.