Last Friday, Facebook suspended 69,000 apps, stating that they had harvested users’ personal data. The investigation began in March 2018, after the Cambridge Analytica scandal, leading to the suspensions of those apps, associated with 400 developers. The Massachusetts attorney general Maura Healey investigated and found that 10,000 of the 69,000 apps were found to have “potentially misappropriated” personal data, often as a way to add new users. The Justice Department and the FBI are still investigating Cambridge Analytica. Continue reading Facebook Freezes 69,000 Apps for Collecting Personal Data

Facebook is trying to make good on two key promises: to protect users’ privacy and to allow them to move their data elsewhere. But the two goals may not be compatible, and Facebook is looking outside the company to get ideas on how to deliver both. The European Union and California passed laws that require Facebook to make users’ social media profiles easy to move to a competing platform. At the same time, Facebook agreed to enforce data protections as part of a $5 billion settlement with the Federal Trade Commission. Continue reading Facebook’s Dilemma: Achieving Data Portability and Privacy

More than 419 million records of Facebook users in the United States, United Kingdom and Vietnam — including Facebook IDs and user phone numbers — were recently found online (although Facebook disputes that number). The exposed server was reportedly not password-protected, which suggests the database was accessible to anyone. The server contained user data across multiple databases that could potentially enable spam calls and SIM-swapping attacks. According to Facebook, the breach involved user data collected prior to the introduction of new security measures. The company has since taken the exposed data set offline.  Continue reading Exposed Database of Facebook User Data Is Found Online

The Securities and Exchange Commission fined Facebook $100 million to settle a case related to Cambridge Analytica, which in 2014-2015 collected Facebook data — including names, genders, locations, birthdays and “page likes” — of about 30 million Americans to create “personality scores” and ultimately use it for Donald Trump’s presidential election campaign. When Facebook discovered this misuse of data in 2015, it didn’t reveal what had happened for two years, during which time it presented the issue of data misuse as hypothetical. Continue reading SEC Fines Facebook $100 Million Over Misuse of User Data

Apple, Facebook and Google have been preparing for announcements from the Department of Justice (DOJ) and the Federal Trade Commission (FTC) that leading U.S. tech companies were going to be closely scrutinized for evidence of antitrust behavior. The news has sent shares roller-coasting but the three companies’ lawyers are, said sources, taking a “wait-and-see” approach. While Apple has been battling antitrust battles for years and Google has already faced antitrust investigations in the U.S. and Europe, some experts believe Facebook is not as prepared for the coming scrutiny. Continue reading Tech Companies Have Long Prepared for Antitrust Scrutiny

Regulators have reached a tipping point with Facebook after years of half-measures regarding the social media giant’s security-related missteps. Now, regulators across four continents are attempting to reign in Facebook’s behavior. In the United States, the Federal Trade Commission hasn’t come to a decisive conclusion regarding what constraints to implement, but the agency is looking to address a wide range of issues, including violations reported almost monthly, according to a source close to the investigation.

Continue reading Global Regulators Looking Into Facebook Privacy Practices

In Canada, privacy commissioners stated that Facebook’s “superficial and ineffective safeguards and consent mechanisms” violated local and national laws in allowing third parties to access users’ personal data — and that the company has refused to fix the problems. The New York State attorney general plans to investigate Facebook’s “unauthorized collection” of 1.5+ million users’ email address books. Facebook just banned “personality quiz” apps similar to the one behind the Cambridge Analytica scandal, to improve security. Continue reading Canada, New York Rebuke Facebook For Privacy Violations

In its first quarter earnings report yesterday, Facebook revealed that it is putting aside $3 billion (about 6 percent of its cash and marketable securities) in anticipation of an upcoming fine from the Federal Trade Commission regarding privacy violations. The penalty, which could become the highest of its kind against a tech company by U.S. regulators and the biggest privacy-related fine in the FTC’s history, is expected to run from $3 billion to $5 billion. The social media giant posted more than $15 billion in revenue, a 26 percent increase over the year-earlier period. Continue reading Facebook Planning to Face FTC Fine in Excess of $3 Billion

According to sources, the Federal Trade Commission, which is investigating Facebook for mishandling of personal data, is also taking a close look at co-founder/chief executive Mark Zuckerberg and deciding if and to what degree he should be held personally responsible. Should the FTC move in this direction, it would be a major new challenge for the Silicon Valley company and a personal censure of Zuckerberg. At the same time, Facebook just revealed it botched the safeguarding of millions of Instagram passwords. Continue reading FTC Examining Zuckerberg’s Personal Role in Data Lapses

Cybersecurity firm UpGuard has discovered that Facebook user data has been publicly available on Amazon cloud services. UpGuard was unable to determine how long the personal data was vulnerable, but Mexico-based Cultura Colectiva, for example, stored account names, identification numbers, comments and reactions in 540 million records of Facebook users, which anyone could access and download. The discovery makes it clear that Facebook user data is still insecure, even after the Cambridge Analytica scandal. Continue reading Private Facebook User Data Made Public on Amazon Cloud

Facebook is under investigation by the Federal Trade Commission (FTC), the Securities and Exchange Commission (SEC), the Justice Department and the Department of Housing and Urban Development (HUD) for numerous potential civil and criminal violations. The Silicon Valley company, which denies the charges, said it is cooperating with law enforcement. The HUD investigation, the most recent, states that Facebook allowed advertisers to restrict who they target, based on race, religion and national origin. Continue reading Federal Agencies Investigate Facebook for Legal Violations

Security researcher Brian Krebs revealed that up to 600 million passwords of Facebook users were mistakenly stored in plain text and accessible by up to 20,000 Facebook employees. The passwords were reportedly logged and stored without encryption. KrebsOnSecurity explained yesterday that in some cases, passwords were searchable as far back as 2012. Facebook says it has resolved a “glitch” that may be responsible for the problem and will be notifying users of Facebook, Facebook Lite and Instagram. The company said that its internal investigation did not uncover any misuse of the data. Continue reading ‘Glitch’ Exposes Millions of Facebook Passwords Internally

The U.S. Government Accountability Office (GAO), an auditing agency, issued an independent report that encouraged Congress to develop an Internet data privacy legislation similar to the European Union’s General Data Protection Regulation (GDPR). The House Energy and Commerce Committee requested this GAO report two years ago; a February 26 hearing will discuss the report’s findings and the possibility of drafting such legislation. Prospects for such a law now is weaker due to partisan divides over federal regulation. Continue reading GAO Report Suggests GDPR-Like Internet Data Privacy Law

Facebook said it discovered a bug that allowed unauthorized access to third-party apps of private photos, impacting about 6.8 million users. Facebook engineering director Tomer Bar said the company fixed the issue that allowed such apps “access to a broader set of photos than usual.” Starting with the Cambridge Analytica harvesting of user data, Facebook has had a string of problems related to data privacy, most recently with a serious hack in September that compromised the Facebook accounts of millions of users. Continue reading Facebook Discloses Breach of User Photos to Third-Party Apps

Last month, Facebook admitted that it failed to properly oversee the seven device manufacturers that the company allowed to access personal data of hundreds of million of people in order to build a so-called Facebook Experience. The Silicon Valley company detailed its errors, which was detected by its own government-approved privacy monitor in 2013, in a letter to Senator Ron Wyden (D-Oregon), a privacy advocate and frequent Facebook critic. Meanwhile, Facebook users whose data was compromised have not been alerted. Continue reading Facebook Fails to Police Device Makers’ Use of Personal Data