Sen. Warner: Facebook 'Security Issue' Needs Investigating

Sen. Mark Warner (D-Va.) has called for a "full investigation" of a just-discovered Facebook "security issue" that affected some 50 million accounts.

Warner is co-chair of the Senate Cybersecurity Caucus.

The senator also took the opportunity to remind Silicon Valley that Congress is ready to step in.

“The news that at least 50 million Facebook users had their accounts compromised is deeply concerning," he said. "A full investigation should be swiftly conducted and made public so that we can understand more about what happened."

Sen. John Warner

Sen. John Warner

He said the latest "security issue" is just the latest reminder of what he called "the dangers" of a small number of companies accumulating "so much personal data without adequate security," and a "sobering" reminder that Congress needs to take actoin to protect consumer privacy.

"The era of the Wild West in social media is over, " he said, echoing a point he made following hearings earlier this year on various social media-related issues including Russian election meddling--Warner is also co-chair of the Senate Intelligence Committee.

"On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts," Facebook said. "We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security."

"Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted 'View As,' a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app."

Facebook said it had fixed the vulnerability and told law enforcement. It has also temporarily turned off the "View As" feature.

Related: Zuckerberg Says Facebook Fixes Will Take Years

Facebook said it had fixed the vulnerability and told law enforcement. It has also temporarily turned off the "View As" feature.

Related: Content Creators Seek FTC Help From Edge 'Abuses'

“Today’s disclosure is a reminder about the dangers posed when a small number of companies like Facebook or the credit bureau Equifax are able to accumulate so much personal data about individual Americans without adequate security measures.Fight for the Future was fighting mad over the breach and agree it was time for legislation.“Let’s make this perfectly clear: Facebook’s data harvesting business model just put fifty million people in danger," said Evan Greer, executive director of Fight for the Future. "Rather than shoring up their security, companies like Facebook have been spending millions lobbying against real privacy and data security protections for Internet users. We need real laws that protect people, not ones that the companies write themselves behindclosed doors.”

“Once an innocent place to safely share our lives with friends, Facebook has become a honeypot for malevolent lawbreakers who seek to undermine our society and democracy," said Senator Richard Blumenthal (D-Conn.). "Congress should need no further notice to act.  My colleagues must join me as I craft data privacy legislation that protects consumers and protects our national security.”

“It’s not enough for Facebook to be sorry," said Rep. Ben Ray Luján (D-N.M.). "Facebook has a responsibility to protect the people who trust its platform. So does Congress. “After it was revealed that 87 million Facebook users’ data was inappropriately shared with Cambridge Analytica, the Energy and Commerce Committee heard testimony from CEO Mark Zuckerberg. That was in April of this year.“It’s now the end of September and Committee Republicans have still failed to take any meaningful action to protect consumers. These breaches will continue. It’s time for Congress to hold companies like Facebook accountable and to pass comprehensive privacy and data protection legislation.”

John Eggerton

Contributing editor John Eggerton has been an editor and/or writer on media regulation, legislation and policy for over four decades, including covering the FCC, FTC, Congress, the major media trade associations, and the federal courts. In addition to Multichannel News and Broadcasting + Cable, his work has appeared in Radio World, TV Technology, TV Fax, This Week in Consumer Electronics, Variety and the Encyclopedia Britannica.