Facebook downplays data breach even if it exposes users to hacking
Besides refusing to notify affected users, Facebook also downplayed the data breach by saying that it happened years ago and had since been secured. But the fact that the breach dated back to 2019 should alert regulators: Under some privacy regulations, including the European Union's General Data Protection Regulation, the tech firm should have informed victims of the data scraping.Facebook's 2019 settlement with the Federal Trade Commission, which was reached after the tech giant was accused of misusing user data, also required the company to report details of a breach involving at least 500 users within 30 days of confirming the incident.
Ireland's Data Protection Commission, the EU's lead regulator for Facebook, announced on Tuesday, April 6 that it was investigating the data leak to see if the social media giant violated any rules. The commission initially received "no proactive communication" from the firm but is now in contact with them, Reuters reported.
Experts have also said that the issue is still grave regardless of when it happened, largely due to the nature of the stolen information. The leaked data included phone numbers, Facebook ID's, full names, locations, birthdates, bios and, in some cases, email addresses. It did not include passwords, financial records and health information.Rob Shavell, CEO of DeleteMe, a personal data protection tool, told the Guardian that even if passwords and other sensitive information were not exposed, the scraped data is still significant because it included signifiers, such as phone numbers and birthdates, that are seldom changed.
"Even if the data is old, it's never really old because it will always be useful for data brokers," Shavell explained. "It helps them correlate related information that is new and dump them into these profiles, which they sell online for as little as 99 cents."
The exposed information can also be used in combination with existing user data online to hack accounts, most notably bank and other accounts that require two-factor authentication. Two-factor authentication involves texting a confirmation code to a phone number to verify a person's identity.
The leaking of phone numbers can also be problematic amid the recent rise of robocalls – an automated telephone call that delivers a recorded message, typically for the purpose of telemarketing and scams.
"Forget about being hacked, it's just annoying to be constantly getting spam calls," Shavell said. "The data breach, whether they say it's old or not, is another way spammers get this information."
Users can check if their personal data is included in the leak using legitimate websites such as Have I Been Pwned?.
Learn more about the issues surrounding the way Facebook handles users' private information at FacebookCollapse.com.
Sources include: Reuters.com BusinessInsider.com TheGuardian.com HaveIBeenPwned.com
Google sued over coronavirus contact tracing apps that may expose users to data breach
By Virgilio Marin // Share
State department says Chinese solar panels are products of genocide, forced labor
By Virgilio Marin // Share
YouTube gives itself “free expression” award then brags about censoring dissent
By News Editors // Share
Donald Trump nominates Robert F. Kennedy Jr. as HHS secretary
By arseniotoledo // Share
Trump names Tulsi Gabbard as the next Director of National Intelligence
By lauraharris // Share
