Meta Fined $275 Million for Data Privacy Infringement as More Reports of Leaks Surface
Recently, hardly a week seems to go by without Meta being fined for mishandling data. This time, the fine is from the Irish Data Protection Commission (DPC) for not protecting 500 million Facebook users from a hack that released their personal data.
The investigation was triggered in April 2021 after Business Insider reported that more than 500 million Facebook users’ details had been posted on an underground hacker website. The hack involved malicious use of Facebook’s contact importer tool to match known phone numbers with the profiles of Facebook users and then scrape additional information from their profiles. A spokesperson for Meta explained:
“We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers. Unauthorized data scraping is unacceptable and against our rules.”
Meta has been fined around $900 million in total
Also in the statement, Meta said, “Protecting the privacy and security of people’s data is fundamental to how our business works.” However, since 2021 the Irish Data Protection Commission has fined Meta around $900 million for alleged infringements of the data privacy laws of Europe’s General Data Protection Regulation (GDPR).
In September, Meta was fined $400 million for Instagram’s public disclosure of email addresses and/or phone numbers of children using Instagram. In October, Meta was fined $235 million for WhatsApp breaching data privacy laws and, last week, Meta Pixel was caught silently sending sensitive financial data to Facebook without a user agreement.
In more recent news, Meta’s WhatsApp has had to deny that it suffered a data leak. On 16 November, a hacker put a database containing the phone numbers of 487 million WhatsApp users up for sale. The hacker told Cybernews that the database contains phone numbers from 84 countries, including the phone numbers of 32 million US users. It is alleged that the US dataset is on sale for $7,000.
The hacker did not comment on how they obtained the data. However, if the data leak is real, it is most likely the result of a scraping attack similar to the one for which Meta has just been fined. Since June 2021, a database of 500 million Facebook user details including name, mobile number, gender, occupation, city, country and marital status has been available online.
The list is so readily available that hackers are not even charging for it anymore. Alon Gal, co-founder of the Israeli cybercrime intelligence firm Hudson Rock, said in a tweet:
“If you have a Facebook account, it is extremely likely the phone number used for the account was leaked.”
In our office, the odds for another Meta fine before the weekend are 1/3.