Zuckerberg takes heat after Facebook breach
Growing cascade of crises prompts new scrutiny of CEO’s leadership
SAN FRANCISCO – Mark Zuckerberg is facing a major public reckoning following the massive Facebook data breach as a cascade of crises catch up with the social media giant.
This isn’t the first time the Facebook CEO’s leadership has been questioned, but the ever-growing list of problems – Cambridge Analytica, Russian election interference, the spread of disinformation – is prompting tough new scrutiny of Zuckerberg’s leadership and his management team. Attackers exploited three flaws in Facebook’s code to break into tens of millions of personal accounts.
“The hack is just another symptom of a bigger problem, which is that the company is not well managed,” Pivotal Research Group analyst Brian Wieser told USA TODAY.
Facebook’s popularity and profitability have deflected concerns in the past, but its track record over the past two years should concern investors, analysts are warning. On Tuesday, the company’s resilient stock was down for the second consecutive day since the breach was disclosed.
“The Facebook board has to get to the bottom of why these systemic problems keep happening. Is it Mark Zuckerberg’s responsibility? If so, he might not be the right person to be CEO of the company. Is it Sheryl Sandberg’s responsibility? In which case, she might not be the right person to be COO,” he said.
Facebook declined to comment. Facebook’s latest bad news – the largest hack in its 14-year history – compromised the data of nearly 50 million accounts and exposed the data of 40 million more.
Details about the attack are still sparse. Facebook says it doesn’t yet know who was behind the attack and has released few details on who was affected or what data was stolen. Also unclear is whether the hackers used the access they gained to millions of Facebook accounts to get into the thousands of other services such as Tinder and Pinterest that take Facebook credentials.
As politicians and regulators demand investigations, analysts are sounding alarms.
“We see this recent security problem adding to already significant concerns about the company and its management,” CFRA analyst Scott Kessler wrote in a research note Monday.
So far the Facebook hack has not touched the same kind of nerve that this year’s disclosed leak of personal information to Donald Trump-connected political targeting firm Cambridge Analytica did, but that could change. Facebook revealed the latest data breach late on a Friday as the nation was transfixed by Supreme Court nominee Brett Kavanaugh’s contentious Senate confirmation hearing.
The main question facing regulators: Did Facebook do enough to safeguard its more than 2 billion users’ data before the hack? Zuckerberg, whose personal account was also breached, said last week that Facebook is boosting spending on security staff and technology, areas it already invested heavily in.
The company raised eyebrows in September when security chief Alex Stamos resigned to join Stanford University as an adjunct professor after reports he disagreed with Facebook management over its handling of Russian manipulation on the platform. Facebook assigned his responsibilities to others and reorganized his team, putting security staffers directly in product and engineering teams to respond more quickly to crises but said it would not appoint a replacement.
“The reality here is we face constant attacks from people who want to take over accounts or steal information. I’m glad we identified this one, fixed the vulnerability and secured the accounts that may be at risk. But we need to do more to prevent this from happening in the first place,” Zuckerberg told reporters Friday.
A Facebook executive said Monday the data breach was the result of a “sophisticated attack.” Speaking on an Advertising Week panel, the company’s global head of marketing, Carolyn Everson, said Facebook could detect the hackers “only when they made a certain move.”
Facebook warned some business customers Tuesday that their internal data might be in jeopardy, too, if they began using Workplace – a version of Facebook targeted just at companies – before June 2016 and linked the account to their personal Facebook account. Facebook says only a small percentage of accounts are still linked.
❚ Europe could fine Facebook $1.63B: Ireland’s Data Protection Commission, the lead privacy regulator of Facebook in Europe, is expected to open a formal investigation this week.
It was told Monday by Facebook that the number of potentially affected accounts in the European Union is less than 10 percent of the 50 million. It’s not clear how many of the rest are Americans. In a tweet, Facebook said Monday it’s working to confirm the “the location of those potentially affected” and plans to release more information soon.
Facebook was forced to disclose the attack much faster and more publicly to comply with strict new privacy rules in the European Union, which require notification within 72 hours. The breach could result in a
$1.63 billion fine – 4 percent of its global annual revenue in 2017 – if European regulators find the company violated those rules.
Distrust of Facebook’s handling of the private information of its users dates nearly to the formation of the company in a Harvard dorm room in 2004 but has grown in Europe and the U.S. as problems keep piling up.
Zuckerberg faced tough questions on Capitol Hill about his company’s business and privacy practices in the spring and, last month, Facebook’s chief operating officer Sandberg was summoned, too.
The European Commission, the executive arm of the 28-member bloc, recently demanded that Facebook explain to consumers how their data is being used or face sanctions in several countries.