A newly discovered data breach has left over 3 million Facebook users’ data exposed for four years on an unsecured website, according to a New Scientist report. University of Cambridge academics posted the data of 3 million users collected by the popular Facebook quiz “myPersonality” on a website with “insufficient security provisions” for “anyone to access,” the story said. Evgeny Chereshnev, CEO and Founder at Biolink.Tech commented below.
Evgeny Chereshnev, CEO and Founder at Biolink.Tech:
“It doesn’t matter what this data leakage would have proven or not proven. The point is that there was always the opportunity, and possibility, that certain data would be extracted from Facebook by hackers or third party providers that we, the users, were not aware of. It has been said that it’s data taken from Facebook without the users’ consent. This is both true and not true. If you read the licence agreement, when you sign up to Facebook, you would understand that you have absolutely no rights when it comes to your data; your information, what you post and how information is gathered about you.
Facebook can analyse and use this data any way it wants. I am actually very happy this has happened, as it shows just how severe and significant the problem is. Firstly, if there is a database, it only has two states – already hacked or will be hacked – that is simply the fate of all centralised user databases.
We have to embrace blockchain and diversified, distributed way of dealing with data. Secondly, we need to totally rethink the way we approach data – our digital trail and dDNA (digital DNA). Privacy of personal data MUST become a constitutional right that everyone has from birth. Data is there forever, and it should be illegal to take it from users. It goes back to the age old question – what is self? Who owns it and what needs to be co-owned by third parties for self to coexist in the society that we live in? For example, a healthcare system needs access to my vital health records in order to administer the right treatment, but they don’t need to own that data. We should own our own self. In that sense, the EU is the closest to doing the right thing, but there is always room for improvement, even when GDPR comes into effect.
Trust in Facebook has been broken, and investors are dumping stock primarily because of that. There is too much at stake as it’s now a potentially toxic asset due the information revealed by whistleblowers, the potential investigation results and now this new breach disclosure.
If there is rock-hard proof and evidence that Facebook data has been used to influence Trump’s election, the Brexit decision and many other political voting processes, Facebook could go bankrupt. The amount of legal cases and the dollar amounts of those, especially when GDPR law comes into effect, are potentially too high even for Facebook to handle. They are potentially unprecedented. Advertising revenues would drop as well, especially with icons like Elon Musk leaving Facebook for good. Cases like that are a clear signal that the flaws of Facebook are clear, serious and impossible to fix fast. At the end of the day, it all comes down to the business model – Facebook’s revenues come from user tracking, profiling and providing third parties with way simpler, yet similar, abilities; and the world now sees it’s not OK.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.