Facebook has failed to notify users affected by data breaches in 533 million accounts

In Europe, data protection genders contacted Facebook to ask for details about the leak.

The pressure on Facebook has been steadily increasing over the past week as a large database with phone numbers associated with several hundred million users has gone online. On Saturday, April 3, the Internet user released a database of information linked to more than 533 million Facebook accounts in a forum frequented by cybercriminals, almost free of charge. This information includes, in particular, marital status, professional activity and the phone number registered on the platform.

Many researchers and media analysts of the database in circulation today believe that these phone numbers are all up-to-date by 2019 – a timeline confirmed by Facebook, which believes it will buy information into 533 million accounts. It happened before September 2019.

After four days, the social network did not notify users that specific data had been collected and distributed freely. He asked The world In this regard, Facebook explained on Wednesday, April 7 that it does not want to warn the Internet users involved because this information, according to them, does not come from a hack and is incompatible “General Information”.

Read this too Five questions about data breach for more than 533 million Facebook accounts

Fraudulent use of a feature

To understand this claim of the American company, it is necessary to explain how this data was recovered: by exploiting a feature of the social app that allowed the mobile app to import its address book to find its knowledge on Facebook.

Facebook had made edits to prevent this type of massive collection

The company said that some players were able to hijack the tool by importing a very large number of numbers to see the similarity with the Facebook profile. From there, they can also collect publicly available information about those profiles, depending on the privacy settings they use. After discovering this exploitation of activity, Facebook made adjustments to prevent this type of massive collection. If it is said to be an intrusion on Facebook’s servers – no hacking, that is, a large-scale use of tools for fraud and abuse of the social network.

Was this data public or private, as Facebook claims? Here again, the subtlety is subtle. Today, people with your number in the address book can disable the option that allows you to find them on Facebook. But in March 2019, According to the special site Tech Crunch, This feature was open by default “For all” ; I was able to limit it to “friends” or “friends of friends”, but that didn’t disable it.

The Irish “CNIL” contacted Facebook

Terms used in the same way as Facebook’s reaction will also be important to Europe’s data security genders, which will monitor violations of citizens ’privacy. The Public Data Protection Regulation (GDPR), which came into force in the EU in May 2018, allows companies that monitor personal data breaches to pay a financial fine of up to மில்லியன் 20 million within 4 hours or 4% of the company’s revenue in the year prior to the fine.

However, in a statement, the Data Protection Commission (DBC), equivalent to CNIL in Ireland, is the head of data protection centers in Europe. He explained that he had not received a statement 533 million account file from Facebook after it was published online. When contacted, he explained to the controller that the company finally seemed to be collecting data “Before making platform changes in 2018 and 2019”.

CNIL in France said on Wednesday that it would work with DBC to establish the conditions for the data collection. “The actions taken by Facebook in relation to this breach, especially direct contact with those affected by the leak, as well as security measures implemented before and after the leak, will reduce the risks to those involved.”, Added the commission in a statement.

Read this too Understanding GDPR, the new data protection regulation, in five questions

Check Also

Two Internet monitoring companies added…

Two cyber-surveillance and private data-gathering companies, Sytrax and Intelaxa, have been added to a list …

Leave a Reply

Your email address will not be published. Required fields are marked *