Just over two weeks ago, Facebook announced a breach affecting 50 million users on its social media platform. This vulnerability stemmed from Facebook's "view as" feature. This feature lets people see what their profiles would look like to other people. Hackers exploited the code that is associated with this feature which then allowed them to steal "access tokens" that allowed them to take over people's Facebook accounts. While access tokens are not the same thing as your username and your password, they do allow people to log in to accounts without requiring the password. Facebook also said later that the breach has also affected third-party apps that their users may have linked to their Facebook account, such as Instagram. As a precautionary measure, Facebook has logged out about 90 million users from their accounts. Because access tokens were stolen and not passwords, Facebook said that affected users don't need to change their security settings, including their passwords. Facebook's investigation into these attacks are in the early stages, and they do not know who is responsible for these attacks, or how much information was stolen.
Of course, this is not great news for Facebook to receive. Just earlier this year in March, Facebook went under intense scrutiny for the Cambridge Analytica scandal where a UK-based digital consultancy harvested the personal information of 87 million Facebook users.
However, the public's response to this attack has not been too negative. More than 6,000 people complained about the breach on Zuckerberg's personal Facebook page according to Reuters. In addition, two Facebook users are suing the company for the breach. But considering Facebook has 2.2 billion users and 90 million were affected by this attack, these responses are not too negative. In fact, it already seems like overall people don't care that much about this second breach of 2018. This indifferent outlook on Facebook's recent privacy issues works is working in favor of the company. As long as Facebook's users don't care, then its advertisers won't care either. This explains why Facebook has been investing heavily in security and system recovery at the expense of profits. In wants to prevent a future attack where its user's information is used maliciously and ultimately scares them away from using Facebook again. Then Facebook would be in serious trouble.
Disclosure: I/we have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours.