Facebook has confirmed almost 50m of its user accounts have been compromised following a hacker attack on its network earlier this week (25 September).
The company today (28 September) announced attackers had exploited a weakness in its ‘view as’ tool, which allows users to see what their profile looks like to someone else. The ‘view as’ feature has subsequently been temporarily removed from the platform.
Facebook said specific posts containing personal information such as age, gender and location were bugged, however assured users that their password and credit card information has not been compromised.
It is the second time this year that the tech giant has been forced to apologize to users after their personal information was exposed or manipulated. March’s Cambridge Analytic scandal, which revealed the information of up to 87m Facebook user had been passed onto the political data firm without consent, saw a number of advertisers halt their spend with the platform.
Commerzbank, Mozilla and Sonos were among the bigger brands to lead the retreat. The latter went as far as to pull all of its advertising from Facebook, Instagram, Google and Twitter for a week in response. It is currently unclear if any brands will follow suit this time around.
News of the hack comes a day after Facebook admitted advertisers had gained access to user phone numbers and contacts in order to better target consumers.
The Association of National Advertisers (ANA) did not comment directly on the data breach, however resurfaced its response issued in the wake of Cambridge Analytica stating it was "equally applicable to the current situation".
"The ANA wants brands to advertise on platforms that are safe, reach their intended consumers, and ensure brand integrity," it stated in March. "The inappropriate use of information and insight means everyone -- consumers, advertisers, publishers and other stakeholders – loses."
Michael Connolly, chief executive officer of programmatic ad buying platform Sonobi, stated he believed there to be a potential near-term and a long-term affect on the relationship between Facebook and its advertisers.
"Near-term, this will continue to shine a light on how much advertisers and brands invest into a platform that potentially has issues with security, and if they can lose user data, they can lose advertiser data as well," he said.
"This is just another hit to the reputation of Facebook, which they don't need right now. Longer term, this incident will again spark ideas at the agency and brand level about how they can diversify away from the platform. Additionally, this attack may lead to Facebook restricting or removing access to valuable user data that is part of what makes the platform so efficient from a return on ad spend perspective."
Other commentators, however, have predicted the impact will be minimal.
Jeff Ratner, chief media officer at iCrossing, noted that none of his clients have explicitly requested removal them from Facebook this time around.
"There is still faith in the system" he said. "However, today was definitely unsettling. Facebook should be the gold standard of data security."
Brian Wieser, a senior analyst at Pivotal Research, agreed. He said that although the situation is unlikely to impact advertisers "in any meaningful way", "questions about trust and about Facebook’s ability to manage its business well will continue, however, as this incident is illustrative of deeper problems".
He added: "It probably won’t meaningfully impact the brand in the short term."
Facebook is yet to determine who was behind the attack, as well as whether it has affected users in particular locations. It confirmed it has notified law enforcement of the incident and GDPR's enforcement body in Europe.
The UK's Information Commissioner's Office stated its intent to make "enquiries with Facebook and our overseas counterparts to establish the scale of the breach and if any UK citizens have been affected".