Internet security and data breaches aren’t new things. Equifax had a whole lot of its customers’ financial data stolen because of lax security. Yahoo had an undetected security breach for years that also escalated. Now it’s Facebook’s turn. If you haven’t been following it, the story goes that a company named Cambridge Analytica used Facebook customer data to turn the 2016 US Presidential Election for Donald Drumpf. Facebook scrutiny is only going to get worse, as the extent of the possible breach becomes ever larger too.
When we first heard about the Cambridge Analytica breach, the implication was that the personal data of about 50 million people, including their political leanings and personal philosophies, had been mined to influence their voting in that election. Yesterday, Facebook revised up its estimate of affected users from 50 million to 87 million.
Not only that, but the nationalities (or at least the geographical locations) of users have expanded from America only to those in the UK, the Phillipines and even an estimated 300,000 in Australia. Australia’s federal government is now examining the potential breaches of privacy. It’s not the first country outside America to increase Facebook scrutiny, after the UK also launched a government inquiry.
Now, Facebook’s founder and CEO, Mark Zuckerberg, has openly stated that his company’s users should simply assume their data had been mined if a specific search function had been turned on. This search setting allowed users to be found via an email address or phone number. Facebook’s CTO, Mike Schroepfer said that:
“Until today, people could enter another person’s phone number or email address into Facebook search to help find them. This has been especially useful for finding your friends in languages which take more effort to type out a full name, or where many people have the same name. In Bangladesh, for example, this feature makes up 7% of all searches. However, malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery. Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way. So we have now disabled this feature. We’re also making changes to account recovery to reduce the risk of scraping as well.”
Mark Zuckerberg is expected to front up to all this Facebook scrutiny by testifying before the US Congress on April 11. The consequences for these ever larger security breaches is confronting. Just how much information do you need to put online before you’re targeted by unsavory political and criminal actors?