Either way, it will now be harder for the public to believe the company has made progress since Chief Executive Officer Mark Zuckerberg pledged in April congressional hearings to protect user data above all else and invest more in security. If people lose confidence in Facebook’s handling of their personal information, they may spend less time or share less on the social network, limiting the company’s ability to make money from their activity.
In the incident disclosed Friday, the Menlo Park, California-based company said it started investigating suspicious activity on Sept. 16. A few days before that, Zuckerberg wrote that the company was better prepared for attacks by foreign actors spreading division and misinformation ahead of elections in the US, France and other countries. The prospect of hackers taking control of almost 50 million Facebook accounts may undermine those assertions.
The breach is very different than the crisis earlier this year that forced Zuckerberg to testify in Congress. In that case, the maker of a personality quiz app on Facebook transferred his database of profile information to a third party, Cambridge Analytica. That political consulting firm told Facebook it had deleted the information, but it hadn’t.
One Facebook defense at the time was that there was no technical security problem -- it was a human error and a lie. The data transfer also happened several years earlier, and Facebook had scrapped ties with developers that allowed it to happen. This time, Facebook can give no such reassurances. Regulators were quick to criticize the company, demand more information and call for an investigation.
There are signs Facebook has learned from its past crises, however. After the Cambridge Analytica news
broke, Zuckerberg didn’t address the public for days. And this time, he got on a call with the media right away to try to explain what happened. “This is a very serious issue,’’ he said.