Meta Platforms Inc.'s (NASDAQ: META) outage on Tuesday, which affected users of Facebook, Instagram and Messenger, underlined a growing mistrust of the ability of technology companies to operate securely and keep customers safe from cybersecurity threats.
The outage followed another incident, reported by many technical publications over the weekend, when a security researcher discovered an unprotected database belonging to a short message service (SMS).
The SMS was responsible for sending authentication codes to users of Meta, Alphabet Inc.'s (NASDAQ: GOOG) (NASDAQ: GOOGL) Google and several cryptocurrency firms, among others.
Andy Stone, Meta's chief of communications, issued a statement on X following Tuesday's outage, outlining "technical issues."
The statement said: "Earlier today, a technical issue caused people to have difficulty accessing some of our services. We resolved the issue as quickly as possible for everyone who was impacted, and we apologize for any inconvenience."
The irony of Facebook having to use X to notify its users of the problem was not lost on X platform users. Hundreds of Facebook customers took to X to express their difficulties in obtaining their authorization codes.
Weak Authentication Approach
Cybersecurity expert Al Lakhani, CEO of IDEE - a German identification and authorization provider - criticized Facebook's two-device multi-factor authentication (MFA) approach as being "weak."
He said: "It's a huge facepalm for Facebook. What clearer example does the industry need that using two devices to achieve multi-factor authentication is weak?"
He added: "When even the tech behemoths are being exposed thanks to basic errors like compromised one-time passwords, SMS and password reset links, you can quickly see the fundamental issue with any MFA solution that's still reliant on a second device."
Losing Trust In Big Tech
Facebook's outage came on the same day as the publication by research and public relations firm Edelman of a report called Technology Industry Watch Out, Innovation At Risk.
Richard Edelman, CEO and author of the report, said "citizens, by a two-to-one margin, across 28 markets believe that innovation is being badly managed."
"Technology is losing its lead position among industries in trust as businesses fail to consider the potential impact of fast-developing innovation on employment or concerns about privacy or lifestyle," he added.
The issue of trust was a theme also noted by Lakhani of IDEE following Facebook's outage.
He concluded: "Global outages like this erode trust very quickly, annoying users and angering advertisers. The only way to ensure MFA is effective is to build solutions on same-device MFA. Let's hope this incident acts as a wake-up call to organizations and cybersecurity professionals globally."
Cybersecurity stocks had been among the top performers in 2024 until Palo Alto Networks Inc. (NASDAQ: PANW) last month issued weaker-than-expected guidance for its next quarter. It's shares fell 28% on the day, and are currently 3% lower in 2024.
The First Trust NASDAQ Cybersecurity ETF (NASDAQ: CIBR), is an exchange-traded fund that holds Palo Alto, as well as CrowdStrike Holdings Inc. (NASDAQ: CRWD), which was up 16% on Tuesday after its stronger-than-expected fourth-quarter earnings report. The CIBR is up 6.5% so far in 2024, after gaining 39% in 2023.