FACEBOOK BREACHES

In April 2021, Facebook experienced a data breach where

hackers exploited a vulnerability in facebooks system
that exposed the personal information of millions of
users.The breach was investigated by Ireland's Data
Protection Commission (DPC) to determine if the
company complied with Europe's General Data
Protection Regulation (GDPR) laws. This event led to a
significant fine being imposed on Meta, formerly known
as Facebook, in November 2022.

❏ The breach impacted data related to over 533

million from 106 countries users and there
accounts were compromised.
❏ The data exposed in the breach included full names,
phone numbers, locations, and birthdates of Facebook
users was leaked
❏ In July 2019, the Federal Trade Commission (FTC) voted
3-2 to approve fining Facebook $5 billion to finally
settle the investigation into the data breach.
Ireland’s Data Protection Commission hit
Meta with a €265 million fine (about $276
million USD).

Facebook's solution
In response to the hack, Facebook made changes to
their systems to prevent unauthorized data
scraping. While specific security measures remain
unclear, the company has taken steps to address
the issue and is reviewing the decision made by
Ireland's Data Protection Commission. Facebook's
efforts aim to protect user data and prevent similar
incidents from happening in the future.
 1ST DATA BREACH OF FACEBOOK
❏ 2005: MIT Proves a Point by Gathering Data on 70,000 Users

The first known Facebook security violation took place in December 2005 when researchers at
MIT developed a script that could download publicly posted information. In this case,
researchers were trying to prove that social media users were vulnerable to leaks because of
their over-sharing of information online. This MIT group then gained personal data on over
70,000 users without getting their permission.

Whether we like it or not, any information we post publicly will be harvested and used either
maliciously - such as to hack our accounts - or for seemingly innocuous purposes like targeted
ads.
s
Ethics violated are -
➢ Informed Consent
➢ Privacy and Confidentiality
➢ Respect for Persons
 ❏ 2014: Cambridge Analytica scandal
In the 2010s, personal data belonging to millions of Facebook users was collected without their
consent by British consulting firm Cambridge Analytica, predominantly to be used for political
advertising. The data was collected through an app called "This Is Your Digital Life", developed by data
scientist Aleksandr Kogan and his company Global Science Research in 2013.. The scandal, revealed in
2018, led to widespread outrage, regulatory investigations, and scrutiny of Facebook's data privacy
practices.

● cambridge Analytica, a data analytics

Ethics violated - firm, exploited the personal
information of millions of Facebook
➢ Privacy
users without their consent.
➢ Transparency ● The firm accessed this data through a
➢ Trust third-party app that collected
information exposing a total of 87
➢ Informed Consent million users' data.
During the testimony, Mark Zuckerberg publicly apologized for the breach of private data:
"It was my mistake, and I'm sorry. I started Facebook, I run it, and I'm responsible for
what happens here". Zuckerberg said that in 2013 Aleksandr Kogan had created a
personality quiz app, which was installed by 300,000 people.
 -Lesson-
The Cambridge Analytica scandal teaches us a number vital lessons in the
importance of integrity:

1. Data Ethics: Companies must uphold strong ethical standards when

handling user data, respecting their privacy, and obtaining explicit
consent.
2. Accountability: Tech giants like Facebook must be held accountable
for their actions, and regulatory bodies play a crucial role in ensuring
data protection.
3. Transparency: Transparency in data usage and sharing is essential for
maintaining user trust.
 How and Why this Breaches happen ?
Third-Party Access: Facebook allowed third-party developers significant access to user data
through its APIs (Application Programming Interfaces). This access was meant to facilitate
app integrations and enhance user experience but also allowed for potential misuse and
unauthorized data harvesting.

Insufficient Oversight: There were instances where Facebook did not adequately monitor how
third-party developers were using the data they accessed. This lack of oversight contributed
to situations where developers could collect and use data beyond what users might
reasonably expect.

Policy Loopholes: At certain points, Facebook's policies regarding data sharing and privacy
were not stringent enough to prevent abuse. For example, prior to changes in its API
policies, apps could gather extensive personal data not only from users who interacted
directly with the app but also from their friends, potentially without their explicit consent

Data Security: There were also instances of data breaches where hackers exploited
vulnerabilities in Facebook's systems to gain unauthorized access to user accounts. Despite
efforts to enhance security measures, these breaches exposed personal information to
unauthorized parties.
 Overview
The Facebook data breaches underscore critical issues in data privacy and
cybersecurity. They reveal both the vulnerabilities inherent in large-scale data
platforms and the challenges of safeguarding user information in an era of
increasingly sophisticated cyber threats(exploit vulnerabilities to steal information
and money and are developing capabilities to disrupt, destroy, or threaten the delivery of
essential services.)While Facebook has taken steps to address these issues, the
incidents highlight the need for ongoing vigilance and improvement in data
protection practices.

Some key takeaways to prevent all this things:

➢ Need for Stronger Security:Continuous improvement in security measures is
essential to protect user data and prevent future breaches.
➢ Importance of Transparency:Clear communication about data handling
practices and breach responses is crucial for maintaining user trust.
➢ Regulatory Oversight:Effective regulation and oversight are necessary to
ensure that companies adhere to high standards of data privacy and security.
 Conclusion
Overall, the Facebook data breaches serve as a stark reminder of
the complexities involved in managing digital privacy and the
need for robust, proactive measures to protect sensitive
information.