Late last week, Facebook told its users that it had discovered a security flaw in its "View As" feature, which allows users to view their own profile as someone else. The issue could allow anyone to gain access to the security tokens for someone else's account, essentially granting them full access to it.
Though Facebook was relatively quick to respond and address the problem - by logging out all potentially affected users and temporarily disabling the feature altogether - it looks like it may still be in big trouble in the European Union. The Data Protection Commission of Ireland, the main privacy regulator for Facebook in Europe, is looking to obtain more information about the breach, specifically regarding citizens in the EU.
The General Data Protection Regulation, which came into effect in the European Union earlier this year, establishes a pretty hefty fine for those who fail to keep their users' data safe - either $23 million or 4% of the company's worldwide revenue from the previous year. In this case, that would make Facebook's fine go up to a whopping $1.63 billion. Fortunately for the social network, it communicated the breach to regulators within the required time limit, which will save it from another fine that could go up to 2% of its revenue.
It's not yet clear if anyone's account was actually compromised by this vulnerability, and the resulting fine (or lack thereof) is still up in the air until the investigation is completed. If such punishment does end up being delivered, it would make Facebook the first to be hit by a fine under the new regulation, which seems fitting for a company so deeply involved in privacy scandals this year.