Date: 2018-10-01

By Sarah Frier

Facebook’s worst security breach ever is a major blow to the company’s effort to rebuild trust with users of the social network after a privacy scandal in March.

A hacker or hackers exploited several software bugs at once to obtain login access to up to 50m accounts. Facebook does not know the number of hackers. That access let the intruder act like users on their profiles, or on any applications where they signed in using Facebook.

User data leaks, security breaches and the spread of misinformation have forced Facebook to confront hostile US congressional hearings and uproar from users.

This breach adds to concerns that the company is collecting too much personal information and not looking after it properly.

Data is the lifeblood of Facebook’s advertising business, so any limits on its activities that stem from these mis-steps could crimp the company’s earning power.

Facebook has fixed this latest vulnerability, but it does not yet have answers to crucial questions. It is unclear what the hackers did with the access. Were they looking for private data, or were they trying to impersonate real users and post misleading information?

It will now be harder for the public to believe that the company has made progress since chief executive Mark Zuckerberg pledged at US congressional hearings in April to protect user data above all else and invest more in security.

If people lose confidence in Facebook’s handling of their personal information, they may spend less time or share less on the social network, limiting the company’s ability to make money from their activity.

In the breach disclosed on Friday, Facebook said it started investigating suspicious activity on September 16. A few days before that, Zuckerberg wrote that the company was better prepared for attacks by foreign actors spreading division and misinformation ahead of elections in the US, France, and other countries. The prospect of hackers taking control of almost 50m Facebook accounts may undermine those assertions.

The breach is very different from the crisis earlier this year that forced Mr Zuckerberg to testify before the US Congress.

In that case, the maker of a personality quiz app on Facebook transferred his database of profile information to a third party, Cambridge Analytica.

The political consulting firm, employed by Donald Trump’s election campaign and the Brexit Leave campaign, told Facebook it had deleted the information, but it had not.

One Facebook defence at the time was that there was no technical security problem — it was a human error and a lie. The data transfer also happened several years earlier, and Facebook had scrapped ties with developers that allowed it to happen.

This time, Facebook can have no such reassurances. Regulators were quick to criticise the company, demand more information and call for an investigation.

After the Cambridge Analytica news broke, Mr Zuckerberg did not address the public for days. This time, he got on a call with the media right away to try to explain what happened.