Meta was fined €265 million for allowing scrapers to steal data from Facebook’s centralized user database

by | Nov 29, 2022

Meta was fined

On November 28th, the Irish Data Protection Commission (DPC) announced Meta was fined 265 million euros ($274.8 million) for violating the EU’s General Data Protection Regulation (GDPR). More specifically, the commission said Meta was fined because it had failed to ensure that Facebook was built to prevent data breaches. A probe that began in April of 2021 led to the announcement. The actual breach happened much earlier, in the latter half of 2019.

TechCrunch initially reported on the data breach, which exposed hundreds of millions of Facebook users’ phone numbers in a searchable online database. Even though the hosting service removed the database, its existence indicated that Facebook’s data had been compromised.

The Irish Data Protection Commission’s investigation

The DPC started looking into the hack in April 2021. Meta released a statement at the time, titled “The Facts on News Reports About Facebook Data,” in response to the hack. In it, Meta claimed that an attacker had used its contact importer tool to flood the server with phone numbers, looking for those that led to Facebook profiles.

With each successful response, the attacker was one step closer to obtaining the user’s personal information by linking it to the user’s phone number. The result was that sensitive information about the users was exposed to bad actors.

The company said it had fixed the contact importer’s security flaw as soon as it was discovered.
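The lookup pattern described above can be spotted in a contact-matching endpoint's logs. The following is an added example, not Meta's code or its fix: the log fields, client ids and thresholds are assumptions, and the events are constructed. It flags clients whose submitted numbers exceed a volume limit or form a generated, consecutive range, which a real address book rarely does.

```python
from collections import defaultdict

# Assumed demo thresholds; a real service would tune these per time window.
MAX_DISTINCT_NUMBERS = 6     # distinct numbers one client may look up per window
MIN_SEQUENTIAL_RATIO = 0.8   # share of neighbouring numbers that differ by 1

# Constructed log events: (client_id, phone_number_submitted, matched_a_profile)
SAMPLE_EVENTS = (
    [("app-7f", f"+1555010{n:04d}", n % 3 == 0) for n in range(8)]
    + [("app-21", num, hit) for num, hit in [
        ("+15550142317", True), ("+15550199802", False),
        ("+15550107755", True), ("+15550163021", True)]]
)

def sequential_ratio(numbers):
    """Fraction of sorted neighbouring numbers that differ by exactly 1."""
    values = sorted({int(n.lstrip("+")) for n in numbers})
    if len(values) < 2:
        return 0.0
    steps = sum(1 for a, b in zip(values, values[1:]) if b - a == 1)
    return steps / (len(values) - 1)

def flag_enumeration(events, max_distinct=MAX_DISTINCT_NUMBERS,
                     min_ratio=MIN_SEQUENTIAL_RATIO):
    """Return {client_id: details} for clients that look like bulk enumeration."""
    submitted, hits = defaultdict(set), defaultdict(int)
    for client, number, matched in events:
        if matched and number not in submitted[client]:
            hits[client] += 1          # count each linked profile once
        submitted[client].add(number)
    flagged = {}
    for client, numbers in submitted.items():
        ratio = sequential_ratio(numbers)
        reasons = []
        if len(numbers) > max_distinct:
            reasons.append("volume")
        if len(numbers) >= 3 and ratio >= min_ratio:
            reasons.append("sequential")
        if reasons:
            flagged[client] = {"reasons": reasons, "distinct": len(numbers),
                               "profiles_linked": hits[client]}
    return flagged

if __name__ == "__main__":
    for client, info in flag_enumeration(SAMPLE_EVENTS).items():
        print(client, info)
```

The `profiles_linked` count gives responders a first estimate of how many accounts a flagged client was able to tie to a phone number.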

A new statement from the DPC claims that the investigation into this incident revealed an “infringement of Articles 25(1) and 25(2) GDPR,” for which “administrative fines totaling €265 million” were levied.

Personal information in social media apps

Recently, as data breaches have become more commonplace, the use of personal information in social media apps has become controversial. Companies in the blockchain space have responded by developing blockchain-based social media apps that don’t ask for personal information like email addresses or phone numbers. For instance, social media apps like BitClout and Blockster let users sign up using only an Ethereum wallet.

To standardize the wallet login procedure for all apps, Ethereum developers have proposed EIP-4361. Advocates think this could prevent future breaches by removing the incentive for social media apps to request users’ sensitive personal information.

Source: cointelegraph

Sarah M

Sarah is the founder, owner, editor, and writer at Social Media Notes. She also does SEO, SMM, and is the SEO consultant for various companies. We hope that reading the blog posts on Social Media Notes would bring you more knowledge, and insight. Welcome to Social Media Notes!