I woke up this morning to an email notifying me that “540 million Facebook user data points leaked by third parties”. Yikes! Facebook has done it again!!!!
I had just signed up to Facebook the day before. Did I really need to see this headline today?
Needless to say, I quickly opened the article to read the details. It was as bad as I thought it would be. The 3rd-party apps have been storing our data on unsecured servers.
- Two third-party app developers – “Cultura Colectiva” and “At The Pool” – stored 540 million Facebook user data entries on unsecured Amazon Web Services (AWS) servers.
- The data collected by Cultura Colectiva included “comments, likes, reactions, account names, FB IDs and more” from more than 540 million users. This data may sound innocent, but a hacker could use it to defraud thousands of users.
- Far less data was stored by At The Pool, but that data may be more dangerous. In addition to names, email addresses, and other Facebook data, it also included 22,000 plain-text passwords. These passwords were probably used for the app and not for the Facebook account but that doesn’t make anyone feel better about the leak.
- At The Pool’s website has been unused since 2014, so it’s highly likely that the data has been left exposed for the entire 5 years since.
Ooops, this is the first time they were caught
In April 2018, Mark Zuckerberg testified for 10 hours before Congress, answering questions about drug sales on Facebook, the Cambridge Analytica scandal, and self-regulation of the media giant. He faltered when pressed for an answer on whether Facebook would commit to changing its default settings to minimize data collection “to the greatest extent possible”.
Zuckerberg replied that it was a complex issue that deserves more than a one-word answer. Well, Congress was sitting there waiting. They weren’t going anywhere. Why didn’t one of the members prompt him further by saying something to the effect of “we have all the time in the world”? He would have had to supply some kind of answer then.
Don’t you find it troubling that he couldn’t reply “yes, I will do my best to protect the data”? It should make you worry about the data you have given them so far.
Zuckerberg even admitted that Facebook goes so far as to collect data from some people who have not signed up for the social network “for security purposes”.
Facebook’s data policies with third-party apps have violated a 2011 agreement with the Federal Trade Commission (FTC). Because of the Cambridge Analytica scandal, the FTC has been investigating Facebook’s privacy practices since March 2018 and is near the end of the investigation. When Google was fined $22.5 million in 2012, it was a record penalty. The maximum fine is 4% of annual global turnover, if Facebook is found in breach. Since their revenue for 2018 was $56 billion, Facebook could be on the hook for $1.63 billion.
Caught in a web, again
The cybersecurity firm that found and reported the breach was UpGuard. They added that closing the breach was an ordeal. This is their timeline:
- Their first notification email went out to Cultura Colectiva on January 10, 2019. The second email went out on January 14. To this day, there has been no response.
- They notified Amazon Web Services of the situation on January 28. AWS sent a response on February 1, informing UpGuard that the bucket’s owner was made aware of the exposure.
- On February 21, the data was still not secured, so another email was sent to Amazon Web Services.
- It was not until the morning of April 3, 2019, after Facebook was contacted by Bloomberg for comment, that the database backup was finally secured.
It took almost 3 months for Cultura Colectiva to secure its users’ data. The data for At The Pool was secured much quicker because UpGuard took it offline during an investigation, and before they sent out any notification emails. However, the data had already been left unsecured for about 5 years.
So this is how some of the 3rd party apps on Facebook treat your data. They are all, in turn, violating GDPR guidelines by not working diligently to protect your data. They will probably have to answer for that.
If you have not used Cultura Colectiva or At The Pool apps, you are probably not affected. However, this has shown, once again, how little control Facebook has over how your data is used.
How to protect yourself
You have no control over how your data is used once you give it away. Be selective about the information you give to a total stranger. These are the things you should think about before signing on with any social media platform:
- Don’t use a third-party app in Facebook. We have just seen how unsecured your data is, stored on these companies’ servers.
- Don’t use Facebook. Good try, right? I know it will be hard, but with so many data breaches happening every month, is the free service really worth it?
- Reduce your Facebook activity levels. Now I know you can do this. When you are on their platform, try to give them as little data as possible.
What happened to the good old days? When you would sign in just to find out how your friends and family back home are doing. Just to say “Hi, I’m having a barbecue today. Love you. See you around.” Now there are so many 3rd-party apps and so much garbage, ruining things for everybody. Why don’t we all just get back to basics and use it for just a few minutes a day rather than sit on it for the whole day?
Somebody needs to start a movement and maybe everybody else will follow.
How do you feel about this mess? I welcome your opinions in the box below and I will be happy to reply. Thanks and have a great day!