zlacker

[parent] [thread] 4 comments
1. microw+(OP)[view] [source] 2018-09-28 17:08:50
Or why FB waited almost a week to tell us.
replies(3): >>arturs+k >>r3bl+W >>kregas+o1
2. arturs+k[view] [source] 2018-09-28 17:11:03
>>microw+(OP)
I think a week is pretty reasonable. They were probably investigating to even get an initial understanding of what happened.
3. r3bl+W[view] [source] 2018-09-28 17:15:40
>>microw+(OP)
> On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts.

Now it's 28th, meaning that they've disclosed the breach within 72 hours, as requested by at least one regulation (Article 33 of the GDPR).

That's clearly not even half a week.

replies(1): >>microw+Ai
4. kregas+o1[view] [source] 2018-09-28 17:18:40
>>microw+(OP)
Worth noting that GDPR requires 72 hours from discovery to disclosure; and whether Facebook's timetable matches these rules.
◧◩
5. microw+Ai[view] [source] [discussion] 2018-09-28 19:09:53
>>r3bl+W
Over 50M accounts are compromised and we're going to split hairs on the proper way to divide up a week? The optimal number of days to alert your 50 million users that their accounts have been compromised is zero. Think about how many businesses that use FB and the thousands of 3rd party sites that use Facebook's API to authenticate users. I don't feel Facebook should get to be sole arbiter on deciding the severity of the incident when if affects so many and has so much potential to financially impact other businesses. They should have immediately sent out an alert when they discovered it.
[go to top]