In what could be yet another massive Facebook data breach, like that of Cambridge Analytica (CA), more “instances of misuse of user data or other undesirable activity by third parties” is expected, Facebook said in its quarterly report shared with the US Securities and Exchange Commission (SEC) on Thursday.
As per reports, in the filing, Facebook, without quoting CA, said, “The discovery of the foregoing may negatively affect user trust and engagement, harm our reputation and brands, and adversely affect our business and financial results. We may also be notified of such incidents or activity via the media or other third parties.”
The company further said, “Such incidents and activities may include the use of user data in a manner inconsistent with our terms or policies, the existence of false or undesirable user accounts, election interference, improper ad purchases, activities that threaten people’s safety online or offline, or instances of spamming, scraping, or spreading misinformation.”
Facebook claims that British political consultancy firm Cambridge Analytica reportedly harvested personal data of its 87 Mn users, although the latter rubbished the claim taking it on twitter, stating, “Cambridge Analytica licensed data from GSR for 30 Mn individuals, not 87 Mn. We did not receive more than 30 Mn records from research company GSR.”
Experts opine the new Facebook revelation may expose the social media giant to more regulatory risk, fines and penalties, beyond the scrutiny.
In the aftermath of Facebook data breach, an outraged campaign against the social media giant using hashtag #DeleteFacebook stormed that expressed concern over the lack of privacy in social media. However, Deutsche Bank in its survey report concluded that only “1% of 500 users were deactivating or deleting their accounts” after the data breach.
According to Facebook Reports First Quarter 2018 Results, daily active users (DAUs) were 1.45 Bn on average for March 2018 registering an increase of 13% Year-over-Year (YoY) while the monthly active users (MAUs) were 2.20 Bn as of March 31, 2018. Currently, India is home to 270 Mn Facebook users, ahead of the United States with 240 Mn Facebook users, according to Statista report.
Post the data breach, attempts are underway to retrace steps to analyse what led to the Facebook-Cambridge Analytica fiasco. It all started in 2014, when an academic of Russian origin, Aleksandr Kogan, created a Facebook app which paid thousands of users to take a psychological test.
Then Kogan sold the data to the British company Cambridge Analytica, a privately held company that combines data mining, data brokerage and data analysis with strategic communication for the electoral process.
Much later, in 2016, Facebook came in crosshairs after the US Presidential elections. Post the elections, Facebook got embroiled in accusations that it helped spread misinformation and fake news stories that influenced how the Americans voted.
Facebook has said it has worked on its control systems since it discovered the alleged abuses by Cambridge Analytica in 2015, but the issue has continued to rock the companies involvement as well as some political parties across the world.
Meanwhile, the Government of India has already sent a letter to Facebook and Cambridge Analytica in the wake of the data breach. After finding discrepancies between the earlier responses by the two companies during the case of data breach, the government has sent another letter to the duo seeking their responses by May 10.
India Embroiled With Data Privacy Issues
In a similar digital data breach, UIDAI is currently faced with scores of criticisms related to the security of Aadhaar cards after massive data leak got exposed on Twitter by Aadhaar whistleblower Srinivas Kodali who published the screenshots of Aadhaar data details of MNREGA (Mahatma Gandhi National Rural Employment Guarantee Act) beneficiaries. The expose suggests data leak might have affected over 8.9 Mn Indians.
The latest Aadhaar data leak has revealed details such as a person’s Aadhaar number, bank branch, IFSC code, account number, father’s name, address, Panchayat, mobile number, ration card number, occupation, religion and caste, etc.
Similarly, Aadhaar has faced several data breach revelations on social media by hackers that has turned the discussions more towards the data security and viability of Aadhaar in the Indian landscape.
In January, the Aadhaar system was hacked by a self-proclaimed French cybersecurity expert aka Elliot Alderson. Soon after a leakage was reported, an unidentified group on WhatsApp shared links containing the login and the password details which enabled access to 1 Bn Indian citizens.
At the same time, India has recorded more than 100 security breaches on government portals, including the Supreme Court website. On the official website, it read “hackeado por HighTech Brazil HacTeam” i.e. “Hacked by HighTech Brazil HacTeam” with an image of a Marijuana leaf along with the message.
Notably, India, in 2017, reported 1,579 cases of data breach.
In light of Facebook data breach, the company has come out with new services guidelines with an updated data collection policy in which the company has added more privacy controls. The updated policy states how and why they collect the user data.
The company is changing its terms to minimise the number of users covered by new EU privacy law GDPR. It plans to make the case for only European users to take effect on May 25, this year.
Post the data breach, other social media giants like Twitter, LinkedIn have also rallied to change their terms and policies. But despite Facebook making the updates in its policies, with the new revelation, it might be in line to issue a fresh apology as well.