If you quit Facebook or never joined because of its data collecting practices, the odds are good the social network is still tracking you – despite your protest.
Facebook collects data on non-users of its social network via dozens of mainstream Android apps that send tracking and personal information back to the social network. Some of the dozens of apps sharing data with Facebook include Kayak, Yelp and Shazam, according to a report presented by Privacy International at 35C3. “Facebook routinely tracks users, non-users and logged-out users outside its platform through Facebook Business Tools,” according to the report.
Read more about the findings of the report on Threatpost.
Another week, another security failure at Facebook. This week’s “bug” allowed the private photos of up to 6.8 million users to be improperly accessible to up to 1,500 different applications built by 876 different developers for nearly two weeks before the company noticed the security lapse and fixed it. Once again the company is merely “sorry this happened” but offering no compensation to those users whose trust it violated.
As Facebook racks up security failure after security failure, it raises the question of why users should continue to trust it with their data. Moreover, the company’s two-month wait to notify data protection authorities after it discovered the breach, in spite of GDPR’s 72-hour notification requirement, reminds us that GDPR is far more limited than the public understands.
Read more about the latest Facebook breach on Forbes.
Facebook faces its second privacy-related fine in Europe, with the most recent action taken by the Italian Competition Authority. Facebook was hit with two fines, totaling 10 million Euros (about $11.3 million), for violating Italy’s Consumer Code.
The Italian Competition Authority (ICA) found that Facebook violated several articles of the statute by misleading consumers about how their data would be used. These include Articles 21 and 22. The ICA found that Facebook doesn’t explicitly inform people when they register that their information will be used for commercial purposes.
Read more about the new privacy-related fine for Facebook on Threatpost.
The central mythos of Facebook is that what’s good for Facebook is good for the world. More sharing, more friends and more connection will “make the world more open and connected” and “bring the world closer together”, Mark Zuckerberg has argued, even as his company has been engulfed by scandal.
But confidential emails, released by the British Parliament, reveal the hardheaded business calculations that lurked beneath the feel-good image projected by Zuckerberg and Facebook. “That may be good for the world, but it’s not good for us,” Zuckerberg wrote in a 2012 email about the possibility that developers would build applications that used data about Facebook users and their friends, but not provide any data back to Facebook.
Hackers have published what they claim are private messages from at least 81,000 Facebook accounts – and they say the trove contains a fraction of the details they have from a larger cadre of 120 million accounts. In an English-language Dark Web advertisement (now taken down), the perpetrators offered the messages for 10 cents per account.
The BBC Russian Service investigated the supposed heist along with cybersecurity firm Digital Shadows. The team found that within the 81,000 Facebook users in the sample posting, those in the Ukraine and Russia are the main targets (although some others were also impacted). The BBC found evidence that the leaked portion of the archive is real.
Read more about the new Facebook data breach on Threatpost.
Just weeks ago Facebook revealed a massive security flaw on its website. That flaw allowed hackers to compromise tens of millions of accounts. Ever since the hack went down Facebook has been scrambling to shore up its defenses.
Now it looks as though the company has come up with a solution. According to a report from The Information, Facebook is currently talking to several major cybersecurity firms about an acquisition. By the sound of things, Facebook is hoping that talks progress quickly. Sources familiar with company plans say that Facebook wants to close the deal by the end of this year.
The Facebook hack may be the work of spammers, not a nation-state affiliated group, according to a report. The Wall Street Journal reported last week that, according to anonymous sources familiar with Facebook Inc.’s internal investigation, the hack of 30 million users was the work of spammers, not a nation-state as previously assumed.
Facebook has been investigating the hack since it discovered the incident in late September and is working with the FBI on the criminal portion of the investigation. The social media giant last week found that the attack affected 30 million user accounts, which is 20 million fewer than the original estimate.
Read more about this developing story on TechTarget.
Facebook could face potentially billions in fines under GDPR for the latest data breach which impacted roughly 50 million accounts. It took mere hours before class-action lawsuits were filed against Facebook for failing to protect user data.
Businesses in the EU are held accountable under the General Data Protection Regulation (GDPR), which came into effect May 25. If Facebook is found to be in breach of GDPR for failing to adequately protect user data over this incident, the company faces a fine of up to €20 million or 4 percent of annual global turnover, whichever is higher. Based on Facebook’s financial results for the last fiscal year, the fine could be up to $1.63 billion.
Last Friday, Facebook’s VP of product management Guy Rosen, coordinating with a Facebook post by founder Mark Zuckerberg, said the company discovered someone had abused access tokens for 50 million users on Tuesday afternoon. While the impacted accounts only represent a small fraction of the billions of monthly active users worldwide, the incident is still significant, as the abused tokens enable full access to a person’s account.
According to Rosen, the attackers targeted Facebook’s ‘View As’ feature, which allows users to view their profile as someone else. “Since we’ve only just started our investigation, we have yet to determine whether these accounts were misused or any information accessed,” Rosen wrote.
Read more about the Facebook breach affecting 50 million accounts on CSO.
Facebook is following through on a massive app investigation and audit promised by CEO Mark Zuckerberg back in March following the Cambridge Analytica scandal. In an update posted this week, Facebook said it has investigated thousands of apps and suspended “around 200” while it inspects them.
The company is taking a closer look at apps that had access to large amounts of information prior to policy changes it made in 2014. That year, Facebook implemented restrictions to limit the amount of data apps could access. Before 2014, apps didn’t need to request permission to collect data on users’ friends. After 2014, friends had to consent for their data to be collected. These limitations prevent the extensive data collection of apps like the personality quiz created by Aleksandr Kogan, who shared his trove of information on millions of Facebook users with Cambridge Analytica.
Read more about Facebook’s massive app investigation that was prompted by the Cambridge Analytica scandal on DarkReading.