Facebook has been making headlines due to a data breach affecting as many as 50 million users.
What’s the story?
On March 17, 2018 a New York Times article was published drawing some interesting parallels between a massive data breach and the potential repercussions of this information in the wrong hands. Since then, Facebook has been facing a lot of criticism.
The article reported that a political data firm, Cambridge Analytica, had improperly obtained access to private data from millions of Facebook users. Of course, accessing private information illegitimately and without consent is questionable, but the real drama of this story has come from the power of this information and its potential to shape our culture. Especially since Cambridge Analytica was the political data firm hired by Trump’s presidential campaign in 2016.
Why is this an issue?
Cambridge Analytica obtained the data in question by violating Facebook’s rules. It was a grey area in the app development process that allowed app developers to access data from app users and their friends without consent. In 2015, Facebook demanded that Cambridge Analytica delete the data in question. Facebook considered the matter closed. Long story short – Facebook never followed up to confirm the data was deleted and it was not.
How was the data used?
We don’t exactly know. While it is not clear that the data Cambridge Analytica had was useful to them or even used, it is believed that this data could have been used to give the Trump campaign an unfair advantage of targeting voters online leading up to the election. Especially since the data was paired with tools that could identify personalities and potentially influence behaviour. Christopher Wylie, the whistleblower in this story, has gone on the record to the Observer to say that:
“We exploited Facebook to harvest millions of people’s profiles and built models to exploit what we knew about them and target their inner demons. That was the basis that the entire company was built on.”
Cambridge Analytica denies these allegations and called Wylie a “part-time employee who left in 2014.”
To make matters worse…
Facebook CEO, Mark Zuckerberg, didn’t comment on the matter for 5 days which added a lot of speculation and doubt into an already tense PR crisis. The Federal Trade Commission and British Authorities are investigating the case, Zuckerberg is being called to testify and in the meantime, Facebook stock is plummeting.
Is Facebook to blame?
One of the big questions right now is whether or not the 50 million Facebook profiles in question is considered a data breach for Facebook. Facebook said this was not a data breach, rather a breach of trust and even took out a full page ad in the Observer to ask for forgiveness. But as per their own privacy policy – Facebook’s business model allows the unauthorized sale of this type of information.
This story is revealing how Facebook can use our history of likes, dislikes, private messages and personal photos to target us with vacation destinations, clothing and services, but also shape the news of our world in a way that we would never notice. Regardless of what kind of breach this is considered – what happened with the data and did it really shape our thoughts and opinions?
What now?
#DeleteFacebook has been trending. But beyond deleting your Facebook account, there is a bigger issue that is reaching a tipping point. This scandal is an overdue reckoning over the power of global corporations and their responsibility to protect our personal data.
If you are a business or operate a website that collects personal information, being trusted with that information is paramount.
September 27 - Blog
InfoStealer malware plays a key role in many cyber attacks, enabling extortion and lateral movement via stolen credentials. Learn the fundamentals about InfoStealers in this article.
September 26 - Blog
Blackwood APT uses AiTM attacks that are set to target software updates. Is your organization prepared? Learn more in today's blog.
August 15 - Blog
It's official: Packetlabs is a partner and attendee of Info-Tech LIVE 2024 in Las Vegas. Learn more about event dates and registration today.