NPC: Facebook's notice to users after hack 'leaves much to be desired'
MANILA, Philippines – The National Privacy Commission (NPC) was not satisfied with Facebook's notification to its users about the recent hacking incident that affected nearly 50 million users of the social media platform.
In a statement on Saturday, September 29, NPC Commissioner Raymund Liboro said that while Facebook has notified the users affected by the online attack, "we have informed Facebook, however, that the notification it sent to individuals leaves much to be desired."
Many Facebook users noticed on Friday, September 28, that they were suddenly logged out of their accounts.
Early on Saturday morning (September 28, US time), Facebook disclosed that hackers exploited a bug in the platform's "View as" feature to steal access tokens, which were then used to take over user accounts.
This prompted Facebook to reset the affected users' access tokens and ask them to log back in to their accounts.
"After they have logged back in, people will get a notification at the top of their News Feed explaining what happened," said Guy Rosen, Facebook vice president of product management, in a blog post.
No passwords were taken in the breach, only "tokens," Rosen added.
The NPC said it received informal notice from Facebook representatives about the incident "at around 12:49 am of September 28."
Facebook said its probe into the hacking was still in its early stages. The social media network's representatives also told NPC it has "not determined yet how many Filipinos are affected and whether misuse of personal information had resulted from this breach."
"The NPC has prescribed breach management procedures in place and we expect Facebook to abide by these rules," Liboro added.
He said the privacy body will inform the public about developments and its actions regarding the incident.
Liboro also urged Filipinos to take necessary steps to stay safe online.
"To protect themselves, all Facebook users must enable multi-factor authentication on all platforms, employ strong passwords, and practice good digital hygiene," he added. – Michael Bueza/Rappler.com