Facebook hackers could have collected personal data of 2 billion users

No Need To Look The Other Way
No Need To Look The Other Way. 

From the Washington Post we learn that basically every piece of data Facebook collected about you has been shared with the digital marketing world, and the dark web whether you agreed to do that or not:

Facebook said Wednesday that “malicious actors” took advantage of search tools on its platform, making it possible for them to discover the identities and collect information on most of its 2 billion users worldwide.

…But the abuse of Facebook’s search tools — now disabled — happened far more broadly and over the course of several years, with few Facebook users likely escaping the scam, company officials acknowledged.

The scam started when hackers harvested email addresses and phone numbers on the “dark Web,” where criminals post information stolen in data breaches over the years. Then the hackers used automated computer programs to feed the numbers and addresses into Facebook’s “search” box, allowing them to discover the full names of people affiliated with the phone numbers or addresses, along with whatever Facebook profile information they chose to make public, often including their profile photos and hometowns.

Names, phone numbers, email addresses and other personal information amount to critical starter kits for identity theft and other malicious online activity, experts on Internet crime say. The Facebook hacks allowed bad actors to tie raw data to people’s real identities and build fuller profiles of them.

Developers who in the past could get access to people’s relationship status, calendar events, private Facebook posts and much more data will now be cut off from access or be required to endure a much stricter process for obtaining the information, Facebook said.

Until Wednesday, apps that let people input Facebook events into their calendars could also automatically import lists of all the people who attended the events, Facebook said. Administrators of private groups, some of which have tens of thousands of members, could also let apps scrape the Facebook posts and profiles of members of those groups. App developers who want this access will now have to prove that their activities benefit the group. Facebook will now need to approve tools that businesses use to operate Facebook pages. A business that uses an app to help it respond quickly to customer messages, for example, will not be able to do so automatically. Developers’ access to Instagram will also be severely restricted.

Facebook is banning apps from accessing users’ information about their religious or political views, relationship status, education, work history, fitness activity, book reading habits, music listening and news reading activity, video watching and games. Data brokers and businesses collect this type of information to build profiles of their customers’ tastes.

(click here to continue reading Facebook hackers could have collected personal data of 2 billion users .)

Heck of a network you’ve created, Zuckerberg. 

There is no way to put this information back into the bottle, the only thing left to do is protecting future information from being harvested, and perhaps punishing Facebook for its lackadaisical approach to protecting the world’s personal data. Shut them down!

Speaking for myself, I don’t feel too worried, I always was a bit leery with giving Facebook access to my actual information. They do have my birthday, and where I went to school, but nearly everything else I put in my profile was faux information, or things available elsewhere. For a long time, I’ve used the Facebook API and other tools1 to automatically post photos from Flickr, Instagram, blog entries, etc. But who knows, perhaps I wasn’t careful enough to always delete my Facebook cookies, and so they scraped more information about me than I know. I did use the Facebook app for a few months before deleting it off of my iOS devices, but all it takes is a moment of unguarded attention, and the freaks at Facebook will vacuum up everything not nailed down. So the dark web may know more about me than I know. 

In Your Bubble Where Nothing Goes Wrong
In Your Bubble Where Nothing Goes Wrong

Barbara Ortutay adds:

 

On Monday all Facebook users will receive a notice on their Facebook feeds with a link to see what apps they use and what information they have shared with those apps. They’ll have a chance to delete apps they no longer want. Users who might have had their data shared with Cambridge Analytica will be told of that. Facebook says most of the affected users are in the U.S.

As part of the steps it’s taking to address scrutiny about outsiders’ access to user data, Facebook outlined several changes to further tighten its policies. For one, it is restricting access that apps can have to data about users’ events, as well as information about groups such as member lists and content.

In addition, the company is also removing the option to search for users by entering a phone number or an email address. While this helped individuals find friends, Facebook says businesses that had phone or email information on customers were able to collect profile information this way. Facebook says it believes most of its 2.2 billion users had their public profile information scraped by businesses or various malicious actors through this technique at some point. Posts and other content set to be visible only to friends weren’t collected.

This comes on top of changes announced a few weeks ago. For example, Facebook has said it will remove developers’ access to people’s data if the person has not used the app in three months.

 

 

(click here to continue reading Facebook scandal affected more users than thought: up to 87M – Chicago Tribune.)

Sure, sure. I bet that will solve everything.

Footnotes:
  1. IFTTT, for instance []

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.