Facebookin like a slippery eel. Responding to @DPCIreland the data was "publicly available & scraped prior to changes made to the platform in 2018 and 2019."
Let's take a skip down memory lane eh tweeps.
2005. MIT researchers scrape data on 70000 users groups.csail.mit.edu/mac/classes/6.…
Let's take a skip down memory lane eh tweeps.
2005. MIT researchers scrape data on 70000 users groups.csail.mit.edu/mac/classes/6.…
https://twitter.com/PrivacyMatters/status/1379412169540964352
2007 Facebook introduces Beacon to track user activity off FB. It led to a class action & settlement cnet.com/news/facebook-…
2009 Facebook shared data with advertisers that suers thought was private. Led to an FTC order nytimes.com/2011/11/30/tec…
2009 Facebook shared data with advertisers that suers thought was private. Led to an FTC order nytimes.com/2011/11/30/tec…
2013 a 'bug' exposed the phone numbers & email addresses of over 6 million users to unauthorised viewers for over a year facebook.com/notes/10157814…
2014 87 million profiles harvested by Cambridge Analytica (*cough*) wired.com/story/facebook…
2014 87 million profiles harvested by Cambridge Analytica (*cough*) wired.com/story/facebook…
May 2018 a 'bug' active for 5 days, "caused up to 14 million Facebook users to have their new posts inadvertently set to public" wired.com/story/facebook…
August 2018 FB's VPN app, Onavo, removed from Apple's app store for harvesting data zdnet.com/article/facebo…
August 2018 FB's VPN app, Onavo, removed from Apple's app store for harvesting data zdnet.com/article/facebo…
Sept 2018 between 50 million & up to 90 million Facebook users had their profile data exposed to hackers & that "sites you use Facebook to login to could have been accessed as a result of its massive breach" wired.com/story/facebook…
March 2019 Hundreds of millions of FB user's passwords + millions of Instagram users stored in plain text accessible to thousands of employees krebsonsecurity.com/2019/03/facebo… and about.fb.com/news/2019/03/k…
April 2019 540 million user records detailing comments, likes, reactions, account names, FB IDs and more left exposed on cloud servers upguard.com/breaches/faceb… FB comments in theverge.com/2019/4/3/18293…
Sept 2019 data on 419 million users exposed online "because the server wasn’t protected with a password, anyone could find and access the database" The data included phone numbers, name, gender, country location techcrunch.com/2019/09/04/fac…
December 2019 data on 309 million Facebook users left exposed "for anyone to access without a password or any other authentication." Data included User IDs, names & phone numbers. "The database was exposed for nearly two weeks before access was removed." comparitech.com/blog/informati…
👆 Facebook claims the data was probably harvested in 2019 before they clamped down on access. But was it? comparitech.com/blog/informati… 
April 2021 "533 million Facebook users' phone numbers and personal data have been leaked online" businessinsider.com/stolen-data-of… Is this the 2018/2019 data or both + more recent data
https://twitter.com/UnderTheBreach/status/1378314424239460352?s=20
And now Facebook issues a statement of ‘facts’ saying the data was ‘scraped’ prior to September 2019 but a few days ago told the @DPCIreland it ‘seemed’ to be ‘pre-GDPR’ from 2017/18 dataprotection.ie/en/news-media/…
So why didn’t FB tell users and tell EU DPAs @EU_EDPB ?
#FacebookBreach
So why didn’t FB tell users and tell EU DPAs @EU_EDPB ?
#FacebookBreach
"One source of the confusion was that Facebook has had any number of breaches and exposures from which this data could have originated." <as per the thread 👆 But I wouldn't call it 'confusion' ... no not that ..
wired.com/story/facebook…
wired.com/story/facebook…
This is the kicker isn't it @DPCIreland
"the recently public trove of 533 million records is an entirely different data set that attackers created by abusing a flaw in a Facebook address book contacts import feature [that FB said it patched in Aug 2019"<& yet no breach reporting
"the recently public trove of 533 million records is an entirely different data set that attackers created by abusing a flaw in a Facebook address book contacts import feature [that FB said it patched in Aug 2019"<& yet no breach reporting
"Facebook says it did not notify users about the 2019 contact importer exploitation precisely because there are so many troves of semipublic user data—taken from Facebook itself and other companies—out in the world." 🙇🏼🙇🏼 wired.com/story/facebook…
THIS: " The one thing that's certain in all this is that more than 500 million Facebook users are less safe online than they otherwise would be—and potentially vulnerable to a new wave of scams and phishing that Facebook could have alerted them to nearly two years ago." >YEP
• • •
Missing some Tweet in this thread? You can try to
force a refresh
