Mark Zuckerberg and team take heat for massive data breach, Facebook 'not well managed'

Facebook

Mark Zuckerberg is facing a major public reckoning following the massive Facebook data breach as a cascade of crises catch up with the social media giant.

This isn't the first time the Facebook CEO's leadership has been questioned, but the ever-growing list of problems—Cambridge Analytica, Russian election interference, the spread of disinformation—is prompting tough new scrutiny of Zuckerberg's leadership and his management team. Attackers exploited three flaws in Facebook's code to break into tens of millions of accounts.

"The hack is just another symptom of a bigger problem, which is that the company is not well managed," Pivotal Research Group analyst Brian Wieser told USA TODAY.

Facebook's popularity and profitability have deflected concerns in the past, but its track record over the past two years should concern investors, analysts are warning. On Tuesday the company's resilient stock (FB) was down for the second straight day since the breach was disclosed.

"The Facebook board has to get to the bottom of why these systemic problems keep happening. Is it Mark Zuckerberg's responsibility? If so, he might not be the right person to be CEO of the company. Is it Sheryl Sandberg's responsibility? In which case, she might not be the right person to be COO," he said.

Facebook declined to comment.

Facebook's latest bad news—the largest hack in its 14-year history—compromised the data of nearly 50 million accounts and exposed the data of 40 million more.

Details about the attack are still sparse. Facebook says it doesn't yet know who was behind the attack and has released few details on who was affected or what data was stolen. Also unclear is whether the hackers used the access they gained to millions of Facebook accounts to get into the thousands of other services such as Tinder and Pinterest that take Facebook credentials.

As politicians and regulators demand investigations, analysts are sounding alarms.

"We see this recent security problem adding to already significant concerns about the company and its management," CFRA analyst Scott Kessler wrote in a research note Monday.

So far the Facebook hack has not touched the same kind of nerve that this year's disclosed leak of personal information to Donald Trump-connected political targeting firm Cambridge Analytica did, but that could change. Facebook revealed the latest data breach late on a Friday as the nation was transfixed by Supreme Court nominee Brett Kavanaugh's contentious Senate confirmation hearing.

The main question facing regulators: Did Facebook do enough to safeguard its more than 2 billion users' data before the hack? Zuckerberg, whose personal account was also breached, said last week that Facebook is boosting spending on security staff and technology, areas it already invested heavily in.

The company raised eyebrows in September when security chief Alex Stamos resigned to join Stanford University as an adjunct professor after reports he disagreed with Facebook management over its handling of Russian manipulation on the platform. Facebook assigned his responsibilities to others and reorganized his team, putting security staffers directly in product and engineering teams to safeguard the company's infrastructure and its users, but said it would not appoint a replacement.

"The reality here is we face constant attacks from people who want to take over accounts or steal information. I'm glad we identified this one, fixed the vulnerability and secured the accounts that may be at risk. But we need to do more to prevent this from happening in the first place," Zuckerberg told reporters on Friday.

A Facebook executive said Monday the data breach was the result of a "sophisticated attack." Speaking at an Advertising Week panel, the company's global head of marketing, Carolyn Everson, said Facebook could only detect the hackers "once they made a certain move."

Europe could fine Facebook $1.63 billion

Ireland's Data Protection Commission, the lead privacy regulator of Facebook in Europe, said Monday it was told by Facebook that the number of potentially affected accounts in the European Union is less than 10% of the 50 million. It's not clear how many of the rest are Americans. In a tweet, Facebook said Monday it's working to confirm the "the location of those potentially affected," and plans to release more information soon.

Facebook was forced to disclose the attack much faster and more publicly to comply with strict new privacy rules in the European Union, which require notification within 72 hours. The breach could result in a $1.63 billion fine—4 percent of its global annual revenue in 2017—if European regulators find the company violated those rules.

Distrust of Facebook's handling of the private information of its users dates nearly to the formation of the company in a Harvard dorm room in 2004, but has grown in Europe and the U.S. as problems keep piling up.

Zuckerberg faced tough questions on Capitol Hill about his company's business and privacy practices in the spring and, last month, Facebook's chief operating officer Sandberg was summoned, too. The European Commission, the executive arm of the 28-member bloc, recently demanded that Facebook explain to consumers how their data is being used or face sanctions in several countries.

The data breach affecting tens of millions of Facebook users comes at a sensitive time for the company. The Federal Trade Commission and other agencies are already investigating Facebook over Cambridge Analytica improperly accessing the personal information of 87 million users without their consent. And public sentiment has been soured by the steady drumbeat of controversies including revelations about Facebook's role in spreading Russian propaganda during and after the 2016 presidential election.

"This really isn't going to help Facebook's image. It's going to make its users even more nervous about their privacy than they already are," said eMarketer analyst Debra Aho Williamson. "They are worried about how their data is being used by Facebook, and with this news, they also need to worry about whether their data is being used by hackers."

Last week Facebook was caught using phone numbers provided for security purposes to target Facebook users with ads. At a time when the company is under fire for alleged political bias, its public policy chief was seated just behind Kavanaugh during Friday's Senate confirmation hearing. Facebook says he was there in a personal capacity, not representing the company.

Explore further: Facebook says no sign recent hack spread to other apps