Twitter Hack (2020)
Incident: In July 2020, Twitter experienced a large-scale hack where high-profile
accounts, including those of Barack Obama, Elon Musk, and Bill Gates, were
compromised. The hackers used these accounts to promote a Bitcoin scam, asking
followers to send crypto currency in exchange for double the amount.
Cause: The hackers gained access by using social engineering techniques to trick
Twitter employees into giving them access to Twitter's internal systems. They were able
to take control of numerous verified accounts.
Impact: Though this hack didn’t involve personal data theft on a massive scale, it
exposed vulnerabilities in Twitter’s internal security processes and raised concerns about
how secure social media platforms are, especially in the hands of bad actors.
Cambridge Analytica Scandal
Facebook owner Meta has agreed to pay $725m (£600m) to
settle legal action over a data breach linked to political
consultancy Cambridge Analytica.
The long-running dispute accused the social media giant of allowing third parties,
including the British firm, to access Facebook users' personal data.
The proposed sum is the largest in a US data privacy class action, lawyers say.
Meta, which did not admit wrongdoing, said it had "revamped" its approach to
privacy over the past three years.
In a statement, the company said settling was "in the best interest of our
community and shareholders".
"We look forward to continuing to build services people love and trust with privacy
at the forefront."
Tech author James Ball told the BBC it was "not a surprise" that Meta has had to
agree to a serious pay-out but that it was "not that much" money to the tech giant.
"It's less than a tenth of what it spent on its efforts to create 'the metaverse' last
year alone," he said.
"So Meta probably won't be too unhappy with this deal, but it does stand as a
warning to social media companies that mistakes can prove very costly indeed."
The suggested settlement, which was disclosed in a court filing late on Thursday,
is subject to the approval of a federal judge in San Francisco.
"This historic settlement will provide meaningful relief to the class in this complex
and novel privacy case," lead lawyers for the plaintiffs, Derek Loeser and Lesley
Weaver, said in a statement.
Facebook scandal 'hit 87 million users'
Facebook agrees to pay Cambridge Analytica fine
Facebook sued for 'losing control' of users’ data
The complaint was filed on behalf of a large proposed class of Facebook users,
whose personal data on the social network was released to third parties without
their consent.
The class size is "in the range of 250-280 million" people, according to the ruling
document, representing all Facebook users in the US during the "class period"
which runs from 24 May, 2007 to 22 December, 2022.
It is not clear how the plaintiffs would claim their share of the settlement.
Janis Wong, a privacy and ethics researcher at The Alan Turing Institute, said it
would only amount to two or three dollars per person if each individual decided to
make a claim.
A further hearing on the settlement is due to take place on 2 March, 2023.
"Even though this $725m settlement doesn't cover UK users, earlier this year a
competition law expert put forward a multi-billion dollar class action suit against
Meta regarding users' data exploitation that does cover the Cambridge Analytica
period.
"We should hear more about that from the UK Competition Appeal Tribunal in the
new year," she told the BBC.
How the Facebook-Cambridge Analytica data scandal unfolded
The harvesting of Facebook users' personal information by third-party apps was
at the centre of the Cambridge Analytica privacy scandal, exposed in 2018.
The consulting firm, now defunct, worked for Donald Trump's successful
presidential campaign in 2016, and used personal information from millions of US
Facebook accounts for the purposes of voter profiling and targeting.
The firm obtained that information without users' consent from a researcher who
had been allowed by Facebook to deploy an app on the platform which harvested
data from millions of its users.
Facebook believes the data of up to 87 million people was improperly shared with
the political consultancy.
The scandal prompted government investigations into Facebook's privacy
practices, leading to lawsuits and a high-profile US congressional hearing in
which Meta boss Mark Zuckerberg was questioned.
In 2019, Facebook agreed to pay $5bn to resolve a Federal Trade Commission
probe into its privacy practices.
The tech giant also paid $100 million to settle US Securities and Exchange
Commission claims that it misled investors about the misuse of users' data.
Investigations by state attorneys general are continuing, and the company is
challenging a legal action by the attorney general for Washington DC.
(BBC)
1. Inadequate Oversight of Third-Party Apps:
Counterpoint: Facebook had a responsibility to monitor how third-party apps were using
user data, but it failed to do so adequately. The platform allowed apps to access large
amounts of data from users and their friends without stringent oversight. Even though
Cambridge Analytica violated Facebook’s terms of service, Facebook should have
enforced better data-sharing policies and actively monitored compliance.
Why Facebook Is Responsible: Facebook's permissive system allowed app developers
to gather data from users' friends without their consent. The sheer amount of data that
was accessible—without proper safeguards—points to Facebook’s weak regulatory
framework.
2. Lack of Transparency and User Awareness:
Counterpoint: Although users consented to share their data with the quiz app, Facebook
did not clearly communicate the extent to which their data (or their friends' data) would
be accessed and used by third parties. Users were not fully informed about how their
information would be shared, which represents a failure in transparency.
Why Facebook Is Responsible: Many users were unaware that data from their friends’
profiles could also be collected through these apps. Facebook’s privacy settings and
terms of service were opaque, which allowed third-party apps to exploit users’ data
without their informed consent.
3. Failure to Ensure Data Deletion:
Counterpoint: After learning in 2015 that Cambridge Analytica had improperly obtained
the data, Facebook simply asked the company to delete it, without ensuring that the
deletion actually occurred. Facebook trusted Cambridge Analytica’s word instead of
actively verifying that the data had been erased.
Why Facebook Is Responsible: This represents a critical oversight on Facebook’s part.
Given the scale of the data misuse, Facebook had a duty to conduct a thorough audit to
ensure compliance. Its failure to follow up allowed Cambridge Analytica to continue
using the data for years.
4. Facebook’s Business Model Encouraged Data Exploitation:
Counterpoint: Facebook’s entire business model is based on collecting and monetizing
vast amounts of user data. By creating an environment where third-party apps were
encouraged to gather data for targeted advertising, Facebook indirectly facilitated the
misuse of data.
Why Facebook Is Responsible: Facebook profited from the very system that allowed
Cambridge Analytica to access and exploit data. By prioritizing growth and engagement
over user privacy, Facebook helped create the conditions that allowed such a scandal to
occur.
5. Delayed Response and Public Notification:
Counterpoint: Facebook knew about the data breach in 2015, yet it did not inform the
public until 2018 when media reports brought the scandal to light. This three-year delay
in disclosing the breach shows a lack of accountability and transparency.
Why Facebook Is Responsible: By failing to promptly notify users and regulators about
the breach, Facebook allowed the damage to continue unchecked. During this time,
Cambridge Analytica continued to use the data for political purposes, including the 2016
U.S. presidential election.
6. Lax Data Access Policies:
Counterpoint: Facebook's data access policies at the time were extremely lax. Third-
party developers were able to access large amounts of data from users and their friends
with little to no checks on how this data was being used. Facebook’s platform design
made it too easy for developers to harvest user data at scale.
Why Facebook Is Responsible: The scandal highlights a systemic problem with how
Facebook managed user data. Facebook allowed developers like Aleksandr Kogan to
gather data well beyond what was necessary for the app, without implementing proper
security measures to prevent misuse.
SOURCES –
1. Inadequate Oversight of Third-Party Apps:
Source:
o The Guardian: Facebook fined £500,000 for Cambridge Analytica scandal
(2018) - This article discusses how Facebook allowed third-party developers to
access vast amounts of user data without oversight, contributing to the breach.
o Wired: Facebook's Data Sharing Policies Were a Huge Part of the Problem
(2018) - This highlights how Facebook’s open API allowed developers to gather
data on users and their friends.
2. Lack of Transparency and User Awareness:
Source:
o New York Times: Facebook Failed to Protect 87 Million Users from Cambridge
Analytica Breach (2018) - This article explains how users were largely unaware
that their data, and their friends’ data, could be collected through apps like
Kogan's.
o CNBC: How Cambridge Analytica Used Facebook Data to Sway Voters (2018) -
Discusses how users had no idea that the quiz app would access their friends’
profiles, showing a lack of transparency in how Facebook allowed data to be
shared.
3. Failure to Ensure Data Deletion:
Source:
o The Guardian: Facebook Faces Backlash After Cambridge Analytica
Revelations (2018) - Details how Facebook asked Cambridge Analytica to delete
the data in 2015 but failed to verify whether the data was actually deleted.
o Vox: Facebook’s Role in the Cambridge Analytica Scandal, Explained (2018) -
This article points out how Facebook trusted Cambridge Analytica’s word that the
data had been erased without further verification.
4. Facebook’s Business Model Encouraged Data Exploitation:
Source:
o The Atlantic: The Business Model That Paved the Way for the Cambridge
Analytica Scandal (2018) - This piece describes how Facebook’s business model
of monetizing user data enabled widespread access to personal information for
advertising purposes.
o Financial Times: Facebook’s Ad-Driven Model Is Central to the Cambridge
Analytica Scandal (2018) - Highlights how Facebook’s focus on user engagement
and ad targeting contributed to the systemic exploitation of personal data.
5. Delayed Response and Public Notification:
Source:
o BBC: Facebook Knew About Cambridge Analytica Leak in 2015, Did Not Inform
Public Until 2018 (2018) - This article covers how Facebook was aware of the
breach for three years before the scandal became public knowledge.
o Reuters: Facebook Apologizes for Delay in Revealing Cambridge Analytica
Breach (2018) - Describes Facebook’s failure to notify users and regulators about
the data misuse until it became a public issue.
6. Lax Data Access Policies:
Source:
o The Verge: Cambridge Analytica Scandal Exposes Facebook’s Weak Data
Controls (2018) - This article explains how Facebook’s lax data-sharing policies
allowed third-party apps to gather data from millions of users.
o The Washington Post: Facebook’s API Left User Data Exposed to Developers
(2018) - Details how Facebook’s policies allowed developers to easily harvest
user data with little restriction.
7. Failure to Act on Prior Warnings:
Source:
o The Guardian: Facebook Ignored Internal Warnings About Data Privacy in
2011 (2018) - Discusses how Facebook ignored earlier warnings and previous
complaints about potential misuse of user data.
o The Wall Street Journal: Facebook Was Warned About Data Privacy Issues
Before Cambridge Analytica (2018) - This article provides context on prior
concerns and settlements Facebook had with regulators regarding privacy,
including a settlement with the FTC in 2011.
o
