There seems no end in sight to the Facebook privacy saga. Facebook first revealed that up to 87M people may have had their data harvested by Cambridge Analytica, 71M of them Americans.
The political consultancy denies this, TechCrunch reporting that it claims to have licensed data for up to 30M people, and saying that none of this data was used to help the Trump campaign …
Whether the true number is 30M, 87M or somewhere in between, Facebook says that ‘malicious actors’ used search tools on the site to collect data on most of the network’s two billion users. Potentially, that data could be used to help with identity theft attempts.
Facebook until recently allowed you to search for contacts on Facebook by entering their email address or phone number. This would then take you to the user’s public profile, which typically displays a photo and hometown. You can generally then click through to past profile and cover photos, family members on Facebook, reviews posted by the user and public groups to which they belong.
The company says that bad actors started by obtaining email addresses and phone numbers on the so-called Dark Web, then searched Facebook for those details to gather additional data. CEO Mark Zuckerberg said that the scale of this activity was such that almost every user would have had their public profile data scraped in this way.
The company said that it did have in place basic protections against this type of activity, like limiting the number of searches from a given IP address, but sophisticated attackers ‘cycled through […] hundreds of thousands of IP addresses.’ It has now blocked such searches altogether.
Facebook also revealed that it can monitor the content of private messages sent using Messenger, but this is only done by human moderators when a message recipient reports abuse. Automatic tools are, however, routinely used to check for illegal photos and malicious links, reports Bloomberg.
Zuckerberg said that the #DeleteFacebook campaign so far hadn’t resulted in ‘any meaningful impact,’ but that the company still recognized that it had been guilty of ‘a massive breach of trust.’
Many people use the ‘login via Facebook’ option offered to them by apps and websites, and some of these have now stopped working, likely as a result of security measures made by the social network. Buzzfeed reports that Tinder users were for a time unable to login via Facebook, and were then put into an endless loop preventing them from using an alternative login method. This has since been fixed.
Zuckerberg is due to testify before Congress on April 10-11, as Australia joins the list of countries to open investigations into whether privacy laws were breached.
Photo: VICE