Facebookin like a slippery eel. Responding to @DPCIreland the data was "publicly available & scraped prior to changes made to the platform in 2018 and 2019."

Let's take a skip down memory lane eh tweeps.

2005. MIT researchers scrape data on 70000 users groups.csail.mit.edu/mac/classes/6.…
2007 Facebook introduces Beacon to track user activity off FB. It led to a class action & settlement cnet.com/news/facebook-…

2009 Facebook shared data with advertisers that users thought was private. Led to an FTC order nytimes.com/2011/11/30/tec…
2013 a 'bug' exposed the phone numbers & email addresses of over 6 million users to unauthorised viewers for over a year facebook.com/notes/10157814…

2014 87 million profiles harvested by Cambridge Analytica (*cough*) wired.com/story/facebook…
May 2018 a 'bug' active for 5 days, "caused up to 14 million Facebook users to have their new posts inadvertently set to public" wired.com/story/facebook…

August 2018 FB's VPN app, Onavo, removed from Apple's app store for harvesting data zdnet.com/article/facebo…
Sept 2018 between 50 million & up to 90 million Facebook users had their profile data exposed to hackers & that "sites you use Facebook to login to could have been accessed as a result of its massive breach" wired.com/story/facebook…
March 2019 Hundreds of millions of FB users' passwords + millions of Instagram users stored in plain text accessible to thousands of employees krebsonsecurity.com/2019/03/facebo… and about.fb.com/news/2019/03/k…
April 2019 540 million user records detailing comments, likes, reactions, account names, FB IDs and more left exposed on cloud servers upguard.com/breaches/faceb… FB comments in theverge.com/2019/4/3/18293…
Sept 2019 data on 419 million users exposed online "because the server wasn’t protected with a password, anyone could find and access the database" The data included phone numbers, name, gender, country location techcrunch.com/2019/09/04/fac…
December 2019 data on 309 million Facebook users left exposed "for anyone to access without a password or any other authentication." Data included User IDs, names & phone numbers. "The database was exposed for nearly two weeks before access was removed." comparitech.com/blog/informati…
👆 Facebook claims the data was probably harvested in 2019 before they clamped down on access. But was it? comparitech.com/blog/informati…
April 2021 "533 million Facebook users' phone numbers and personal data have been leaked online" businessinsider.com/stolen-data-of… Is this the 2018/2019 data or both + more recent data
And now Facebook issues a statement of ‘facts’ saying the data was ‘scraped’ prior to September 2019 but a few days ago told the @DPCIreland it ‘seemed’ to be ‘pre-GDPR’ from 2017/18 dataprotection.ie/en/news-media/…

So why didn’t FB tell users and tell EU DPAs @EU_EDPB ?

#FacebookBreach
"One source of the confusion was that Facebook has had any number of breaches and exposures from which this data could have originated." <as per the thread 👆 But I wouldn't call it 'confusion' ... no not that ..

wired.com/story/facebook…
This is the kicker isn't it @DPCIreland

"the recently public trove of 533 million records is an entirely different data set that attackers created by abusing a flaw in a Facebook address book contacts import feature [that FB said it patched in Aug 2019]" <& yet no breach reporting
"Facebook says it did not notify users about the 2019 contact importer exploitation precisely because there are so many troves of semipublic user data—taken from Facebook itself and other companies—out in the world." 🙇🏼🙇🏼 wired.com/story/facebook…
THIS: " The one thing that's certain in all this is that more than 500 million Facebook users are less safe online than they otherwise would be—and potentially vulnerable to a new wave of scams and phishing that Facebook could have alerted them to nearly two years ago." >YEP
