The Financial Times reports the Irish Data Protection Commission has fined WhatsApp €225 million ($266.8 million) for not sharing enough details of how it shares European Union users' data with Facebook. The messaging service allegedly failed to live up to its General Data Protection Regulation (GDPR) transparency obligations. The Commission also said the data sharing itself violated GDPR. WhatsApp was merely storing "pseudonymous" phone number data, for instance, rather than truly anonymizing it. While the numbers were stored using lossy hashes, WhatsApp had the hash key needed to decrypt that info -- it could tie that number to a specific person if it wanted. The ruling asked WhatsApp to both improve its transparency and bring the data sharing in line with the GDPR.
Ireland's Data Protection Commission (DPC) is investigating the recent leak of a Facebook user dataset that dates back to 2019. At the start of April, it came out that someone on a hacking forum had made the dataset public, exposing the personal information of about 533 million Facebook users in 106 countries. Depending on the account, there are details about phone numbers, birth dates, email addresses, locations and more. The source of the leak is an oversight Facebook fixed in August 2019. "The DPC, having considered the information provided by Facebook Ireland regarding this matter to date, is of the opinion that one or more provisions of the GDPR and/or the Data Protection Act 2018 may have been, and/or are being, infringed in relation to Facebook Users' personal data," the agency said in a statement spotted by TechCrunch.
Facebook will not notify the more than half a billion people caught up in a huge leak of personal information, it has said. Over the weekend, it emerged that a vast trove of data on more than 530 million users – containing information including their phone numbers and dates of birth – was being made freely available online. Facebook said that the data was gathered before 2019. It later said that "malicious actors" had obtained the data prior to September 2019 by "scraping" profiles using a vulnerability in the platform's tool for synching contacts, and that the loophole that allowed them to do so had now been closed. But it said that it did not inform users when the leak happened, and does not have plans to do so now.
Cybersecurity experts revealed a few days ago that over half a billion Facebook users' personal information has been leaked. It's a gold mine of data, which includes users' full names, birthdays, locations and phone numbers. Although Facebook claims that the actual hack happened a couple of years ago, it won't hurt for users to make sure their account is not part of the breach and, if it is, to take a few preventive measures to ensure future incidents as messy as this one won't affect them. Australian security researcher and Have I Been Pwned founder Troy Hunt recently added the 533 million phone numbers exposed in the Facebook data leak to his website. Those worried that their mobile numbers were part of the leak can visit the site and check if their number is there.
The news: The personal data of 533 million Facebook users in more than 106 countries was found to be freely available online last weekend. The data trove, uncovered by security researcher Alon Gal, includes phone numbers, email addresses, home towns, full names, and birth dates. Initially, Facebook claimed that the data leak was previously reported on in 2019 and that it had patched the vulnerability that caused it that August. But in fact, it appears that Facebook did not properly disclose the breach at the time. It only finally acknowledged it on Tuesday, April 6, in a blog post by product management director Mike Clark.
Data from a 2019 hack of Facebook Inc. was made public in recent days, revealing the phone numbers and personal information of more than a half-billion people. While the data came from a vulnerability of Facebook platforms that the company says it has since fixed, security experts say that scammers could use the information for nefarious purposes like spam email and robocalling. Regulators in Europe have asked Facebook for more details about the data leak. Facebook said Tuesday in a blog post that the data leak reflects the ongoing need to police actions of bad actors on its platform. Here is what you need to know.
A two-year-old problem is coming back to haunt Facebook in 2021, and in the process serving as a reminder to users that personal data, once leaked, really is out there forever. It started on Saturday when Alon Gal, co-founder and CTO of Hudson Rock, a "cybercrime intelligence" firm, took to Twitter with a thread detailing how "533,000,000 Facebook records were just leaked for free." That number includes more than 32 million U.S. users alone, and spans 106 countries in total. Details include: Phone number, Facebook ID, Full name, Location, Past Location, Birthdate, (Sometimes) Email Address, Account Creation Date, Relationship Status, Bio. Bad actors will certainly use the information for social engineering, scamming, hacking and marketing.
The UK's data regulator is writing to WhatsApp to demand that the chat app does not hand user data to Facebook, as millions worldwide continue to sign up for alternatives such as Signal and Telegram to avoid forthcoming changes to its terms of service. Elizabeth Denham, the information commissioner, told a parliamentary committee that in 2017, WhatsApp had committed not to hand any user information over to Facebook until it could prove that doing so respected GDPR. But, she said, that agreement was enforced by the Irish data protection authority until the Brexit transition period ended on 1 January. Now that Britain is fully outside the EU, ensuring that those promises are being kept falls to the Information Commissioner's Office. "The change in the terms of service, and the requirement of users to share information with Facebook, does not apply to UK users or to users in the EU," Denham told the digital, culture, media and sport sub-committee on online harms and disinformation, "and that's because in 2017 my office negotiated with WhatsApp so that they agreed not to share user information and contact information until they could show that they complied with the GDPR."
Helen Dixon, head of Ireland's Data Protection Commission, in May submitted a draft decision to more than two dozen of the bloc's privacy regulators for review, as required under the law. Eleven regulators objected to the proposed ruling, sparking a lengthy dispute-resolution mechanism, she said. The contents of the draft decision haven't been disclosed. Twitter's European operations are based in Dublin. "It's a long process," Ms. Dixon said at The Wall Street Journal's virtual CIO Network conference.