You are currently viewing #FactOfTheDay 05/04/2018 : Most of the 2 billion Facebook profiles’ information stolen

#FactOfTheDay 05/04/2018 : Most of the 2 billion Facebook profiles’ information stolen

Today, your Facebook profile has been scrapped.

Two weeks ago Facebook promised to take a hard look at the information that applications can use when you connect them to Facebook as well as other data practices. On April 4th, during the afternoon, Facebook released a report on that « look », published by the Chief Technology Officer (CTO) of the firm. This report makes clear about monitoring methods users go through, by using their Facebook accounts as they log in to different apps or websites. Applications had access to get information about events they host or attend, including private events. It also included information about other people’s attendance as well as posts on the event wall.

On Facebook, it is possible to enter another person’s phone number or email address into Facebook search to help find him or her. However, Facebook’s CTO admits in his statement that « malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery » and adds to it that « given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scrapped in this way ». Basically, it means that almost all of the 2 billion people registered on Facebook got their public information stolen by « malicious actors ». It is limited to public information which means that not all of your data on Facebook were stolen.

However, this remains very problematic since many people do not necessarily think to regulate the different levels of privacy of their publications. Thus it is not uncommon to find Facebook profiles where photos and personal relationships are exposed to the light of the simple fact that the owner of the account did not bother to set the confidentiality of his account. With this new statement from Facebook, it becomes even more important for everyone to control the information posted on Facebook.

Fear increases as the number of accounts whose personal data collected on Facebook by Cambridge Analytica rises. Indeed, Facebook is now declaring that the information of over 87 million people has been « improperly shared » with Cambridge analytica. Most of the information is related to accounts located in the United States with more than 70.5 million. Next come the Philippines, Indonesia and the United Kingdom where more than 1 million accounts in each country saw their information stolen. In Canada, more than 600,000 accounts have been affected and estimates are as high as 310,000 for Germany.

More than ever, the EU General Data Protection Regulation (GDPR) must enter into action and fulfill its purpose. The GDPR is often criticized as erecting a large number of obstacles for start-ups in the digital world with regard to the very stringent security standards it offers. Nevertheless, these appear even more necessary in the view of the weaknesses of the large companies yet known as « accustomed ». The main problem, in this case, remains that it is not about hacking and data theft, but a weakness in the terms of use proposed by Facebook to partner applications.

That being said, it appears that GDPR points out lately regarding the revelations of the past weeks.

The time has come for social networks to change and finally offer the protection needed by its users.

Jean-Hugues Migeon

For further information :

Facebook’s CTO report :

Website Handelsblatt :

To understand Cambridge Analytica scandal :

Adeline Silva Pereira

Après avoir effectué la deuxième année du master Sécurité Globale analyste politique trilingue à l'Université de Bordeaux, j'effectue un stage au sein d'EU Logos afin de pouvoir mettre en pratique mes compétences d'analyste concernant l'actualité européenne sur la défense, la sécurité et plus largement la coopération judiciaire et policière.

Laisser un commentaire