According to The Information (opens in new tab) this week, Facebook is looking to buy a security company. The report follows the social media platform's recent data breach in which the data of 30 million people was stolen.
Facebook Needs More Security
The Information said Facebook has been approaching several security companies about a possible acquisition, and a deal with one could be announced by the end of the year. Facebook has not released an official statement on the matter.
In September, Facebook disclosed it had suffered a major hack, in which the data of 30 million users was stolen. The company appears to have been struggling with its security ever since it lost its Chief Security Officer (CSO), Alex Stamos, earlier this year. Stamos seemed to have been unhappy with how Facebook was handling platform manipulations by nation states, such as Russia.
The company didn’t replace Stamos and also disbanded his security team and relocated its members to other jobs. At the time in August, Facebook said, “We expect to be judged on what we do to protect people’s security, not whether we have someone with a certain title.”
Facebook's Recent Data Breach
Last month, a New York Times report revealed that an attack against the Facebook network breached up to 50 million user accounts. The attackers used an exploit that allowed them to take over users’ accounts. To mitigate the issue, Facebook logged out 90 million users in order to reset their security tokens.
Facebook eventually blamed the attack on spammers, who apparently were selling their services as a digital marketing company. It also then claimed that only 30 million accounts were affected.
People familiar with the investigation said Facebook was aware of these spammers from before they hacked its servers. Facebook declined to confirm or deny this claim. The vulnerability that enabled the breach had existed from July 2017 to September 2018.
This attack was the largest data breach in Facebook’s history, and unless Facebook rethinks how its security teams handle operations inside the company, it may not be the last either. It remains to be seen if Facebook purchasing an entire cybersecurity-focused company will be the right solution.