This afternoon, Facebook held an emergency press conference to disclose a startling security breach. The company said 50 million Facebook accounts were affected in a hack that allowed attackers to control an account as if they were the account holders.
“Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” said Facebook’s VP of product management Guy Rosen during a morning press call. “We also don’t know who’s behind these attacks or where they’re based.”
Following the press call, it became immediately apparent: this was a gigantic security breach and the full ramifications were yet unknown. Word of the Facebook hack was quickly covered by several major news outlets and spread throughout social media. Naturally, Facebook users wanted to share the story to warn their friends of the exploit.
But for a brief period Friday afternoon, many users found that they could not share stories from several legitimate news outlets. Facebook was reportedly blocking people from posting stories about the hack published by The Guardian, Sacramento Bee, and Associated Press.
“Our security systems have detected that a lot of people are posting the same content, which could mean that it’s spam. Please try a different post,” read a Facebook popup when people were trying to post a link about the hack from one of those three sites.
On Twitter, people were sharing the Facebook spam filter message in frustration.
I’ve also seen reports that stories from the Sacramento Bee and the AP are also getting the same treatment, but in testing it out myself, I haven’t witnessed that.
— Brian Fung (@b_fung) September 28, 2018
And while conspiracy theories are likely to run rampant about Facebook purposely blocking a negative story about itself from being shared on its platform, it’s important to note that other major outlets like Washington Post and USA Todayreported no such issues with the links to its stories.
But, you don’t need a far-out conspiracy theory to come to the conclusion that the spam filter error is a real problem. While it’s, of course, good that Facebook has a spam filter in place to stop accounts or bots from posting what could be a link to a scam or a fake news site, it’s incredulous that Facebook’s spam filter would mistake links from well-known credible news organizations like the Associated Press as spam. In fact, with a news outlet like the AP or The Guardian, Facebook’s spam filters should be set up to expect a lot of people posting the same content within a short period of time because it should take into account that breaking news would be shared in a viral fashion specifically from those types of websites.
update: AP and Guardian links are now going through. a buddy who does anti-spam stuff (not at FB) says their guess is that this story spread so virally that it bumped over a spam detection threshold.
— kate conger (@kateconger) September 28, 2018
Additionally, the spam filter issue is a problem, no matter how brief, because the average Facebook user is likely not going to troubleshoot for a fix. If a Facebook user receives an error when trying to post a news story about an issue like a Facebook security breach, they’re not going to search for alternative links and test out which news outlets are passing Facebook’s spam filter. The odds are that the user is just not going to try and share the story after the spam filter blocks them from doing so and this information will fail to go out to that user’s network.
While Facebook will no doubt be laser focused on dealing with the 50 million account security breach, this spam filter issue is without a doubt one that must be dealt with as well.