It’s been over a week since Facebook announced that, thanks to a coding vulnerability, access tokens for at least 50 million* accounts were stolen. Access tokens are important. As Facebook explained in its blog detailing the hack, they are “the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”
The hack also impacted Facebook’s Single Sign-On, which lets people use one account to log into other sites, meaning the impact of the breach is perhaps wider than even Facebook initially reported. Still, at the moment, there’s no way to know how big of a problem it is, or will be. Nor do we know who did it. We’re in the dark for one simple reason: Facebook has said next to nothing about what it knows — or if it knows much at all.
Ad-driven platforms tend to succeed thanks to one thing: our vulnerability.
Bad as it might have been to sit in complete silence, something worse has happened: Facebook’s community has filled the void. Over the weekend, a hoax circulated on Facebook. Users reported seeing a message from another person claiming to have received a weird friend request. The message suggested the user send a mass warning to everyone, urging them to avoid accepting bizarre friend requests.
Here’s an example:
Hi….I actually got another friend request from you which I ignored so you may want to check your account. Hold your finger on the message until the forward button appears…then hit forward and all the people you want to forward too….I had to do the people individually. PLEASE DO NOT ACCEPT A NEW friendship FROM ME AT THIS TIME.
In other words, in the absence of real news from Facebook on a massive hack, fake news about the massive hack took over Facebook. As a parable of the ad-based platform economy, there is perhaps no better example than this. For, at their heart, ad-driven platforms are designed around, and tend to succeed thanks to one thing: our vulnerability.