zlacker

1. coldco+(OP)[view] [source] 2018-09-28 16:56:54
Did not mention what was leaked/taken or how 50M and not everyone.
replies(3): >>redlor+q >>jjjjjj+m1 >>microw+B1
2. redlor+q[view] [source] 2018-09-28 17:00:25
>>coldco+(OP)
It said anyone who has used the "view as" may have been accessed.
3. jjjjjj+m1[view] [source] 2018-09-28 17:07:23
>>coldco+(OP)
> Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed. We also don’t know who’s behind these attacks or where they’re based. We’re working hard to better understand these details — and we will update this post when we have more information, or if the facts change. In addition, if we find more affected accounts, we will immediately reset their access tokens.

From the press release[0] posted elsewhere in this thread

[0] https://newsroom.fb.com/news/2018/09/security-update/

4. microw+B1[view] [source] 2018-09-28 17:08:50
>>coldco+(OP)
Or why FB waited almost a week to tell us.
replies(3): >>arturs+V1 >>r3bl+x2 >>kregas+Z2
◧◩
5. arturs+V1[view] [source] [discussion] 2018-09-28 17:11:03
>>microw+B1
I think a week is pretty reasonable. They were probably investigating to even get an initial understanding of what happened.
◧◩
6. r3bl+x2[view] [source] [discussion] 2018-09-28 17:15:40
>>microw+B1
> On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts.

Now it's 28th, meaning that they've disclosed the breach within 72 hours, as requested by at least one regulation (Article 33 of the GDPR).

That's clearly not even half a week.

replies(1): >>microw+bk
◧◩
7. kregas+Z2[view] [source] [discussion] 2018-09-28 17:18:40
>>microw+B1
Worth noting that GDPR requires 72 hours from discovery to disclosure; and whether Facebook's timetable matches these rules.
◧◩◪
8. microw+bk[view] [source] [discussion] 2018-09-28 19:09:53
>>r3bl+x2
Over 50M accounts are compromised and we're going to split hairs on the proper way to divide up a week? The optimal number of days to alert your 50 million users that their accounts have been compromised is zero. Think about how many businesses that use FB and the thousands of 3rd party sites that use Facebook's API to authenticate users. I don't feel Facebook should get to be sole arbiter on deciding the severity of the incident when it affects so many and has so much potential to financially impact other businesses. They should have immediately sent out an alert when they discovered it.