Private messages for sale from 81,000 hacked Facebook accounts

News has broken that 81,000 hacked Facebook accounts have had their private messages stolen. The hackers are now attempting to sell this data on, at the price of 10 cents (8p) per account, and are also claiming that they have obtained details from even more accounts – 120 million – although this has not been verified.

Facebook has already faced huge problems regarding data protection. It was fined £500,000 earlier this year for its role in the Cambridge Analytica scandal, and it now looks like it will be facing further penalties from the Information Commissioner’s Office (ICO). Regardless of the scale of this latest breach, things are looking bad for the social media giant.

Whatever happens next, a new fine will tell us something useful. The Cambridge Analytica scandal took place before GDPR came into effect in May, so the fine against Facebook was brought according to the pre-existing data laws. Specifically, it came under the Data Protection Act 1998. A new fine relating to this latest breach, however, will fall under GDPR.

It’s important to note that Facebook have not been able to hide behind being a US company. And as it turns out, they may have been fortunate that the Cambridge Analytica scandal was exposed before May 25th; it’s impossible to say what the fine would have been under GDPR, but it may well have been considerably greater than £500,000.

No matter what, though, the single biggest issue here is the ongoing risk to users. Facebook is built around people’s personal data, but has so far been unable to provide adequate protection for that data. If the trend continues, there could be even more trouble ahead for the company.

You can find out more about this latest data breach of hacked Facebook accounts here.

And if you want to ensure that your company is GDPR compliant, make use of our GDPR Gap Analysis to make sure that you avoid heavy fines.

UK issues first GDPR notice – and why you should take note…

The first GDPR notice in the United Kingdom has been issued to AggregateIQ Data Services (AIQ). The Canadian firm was linked to the Facebook-Cambridge Analytica scandal earlier this year, providing tools used in data analytics for political campaigns. Having caught the attention of the Information Commissioner’s Office, it has now run into trouble for failing to comply with GDPR.

The ICO has served this notice in connection with EU citizen data being held by AIQ. Because the data involved – including names and email addresses – is being stored for political purposes and without the users’ consent, there is no lawful basis for AIQ to process it.

Take a look at the full story about the UK’s first GDPR notice here:

There are several important things to note about this, illustrating the dangers of not being fully aware of GDPR and its implications…

  • AIQ may be based outside of the UK, but this doesn’t protect it. This is because, in the words of the ICO, “AIQ’s processing of personal data is said to relate to monitoring of data subjects’ behaviour taking place within the European Union”.
  • For its role in the Cambridge Analytica scandal in March, Facebook was fined £500,000 under the terms of the Data Protection Act 1998. However, the notice issued to AIQ still comes under GDPR, even though the data it is processing relates to the same scandal. This is because AIQ didn’t tell the ICO it still held EU citizen data until May, when GDPR came into effect.
  • The issue for AIQ is that there’s no legal basis for them to hold this data. The ICO states: “The controller [AIQ] has failed to comply [with GDPR]. This is because the controller has processed personal data in a way that the data subjects were not aware of, for purposes which they would not have expected, and without a lawful basis for that processing.”
  • While the GDPR notice has only recently come to the attention of the public, it was originally issued in July. The ICO demanded that AIQ “cease processing any personal data of UK or EU citizens obtained from UK political organizations or otherwise for the purposes of data analytics, political campaigning or any other advertising purposes.”
  • AIQ had only thirty days to comply with this demand. Considering that the Cambridge Analytica scandal hit 87 million users, and that the firm provides software and tools for managing data for political purposes, this is a huge job to perform in such a short space of time.

It should be noted that AIQ has the right to appeal – and is exercising that right. However, if its appeal is rejected, it will face fines of up to €2 million or 4% of its annual global turnover, whichever is higher – and that is per data breach.

For our help and support with your own GDPR awareness and compliance programme, use the Contact Form on the right to get in touch today.

Facebook Reveal New Data Privacy Policy

After the huge data scandal involving Cambridge Analytica, Facebook has updated its Data Privacy Policy in preparation for the new GDPR regulations.

When you next log in to Facebook you should be redirected to two or three new pages informing you about their new privacy policy. Facebook has acted quickly after the data breach scandal and is now going all-in with data protection and GDPR.

The most welcome thing you’ll see from Facebook’s new policy is how much more control you’ll have as a user. A big positive coming from GDPR is that users have so much more control over their personal data, and it’s a welcome sight seeing Facebook comply here.

While the Cambridge Analytica scandal has really hurt Facebook’s credibility, the company has acted very quickly and efficiently to become more GDPR compliant.

It’s still not too late to become fully compliant with GDPR before the May 25th deadline – but you’ll need to act fast, and with professional consultants helping you on the way. That’s where we come in. Check out our services and get in touch with us for a quote now…

Read more on Facebook’s new policy here:

Facebook Reveal New Data Privacy Policy

How the Facebook Privacy Policy Could be Improved

The Facebook privacy policy is undergoing some development amidst the recent scandal involving the social media giant and Cambridge Analytica. Facebook will hope that this re-design of their privacy policy and infrastructure will better secure individuals’ data.

The main issue that arose from Cambridge Analytica taking the data of 50 million users was that it was obtained without consent. How is this possible? Well, unless an individual user has put their privacy settings to the highest level, pretty much anyone can view their information.

So how can Facebook adapt and give their users the power to control what they consent to and what they share?

Friends and Mutual Friends

One way Facebook can allow users to share their data – thereby consenting to share their data – is by adding a friend. Once you confirm a new friend this can essentially be considered as an individual providing consent to share their personal data with another individual – who is equally consenting to share their data.

The issue is that many users will most likely not have the privacy settings set to completely private, which means people you may not even know can see your personal data (organisations such as Cambridge Analytica, for example). The option for you to hide your personal data from anyone who isn’t a friend should be in place from the get-go. It would then be on the individual to consensually adjust their settings to allow for more public sharing of data.

The really big issue is that this isn’t easily fixable and would only really be an option for new Facebook users – and after this farce, that’s fairly unlikely. The best thing Facebook could do would be to just notify their users that they are setting EVERYONE’S Privacy Settings to the highest privacy option – i.e. that no-one can view your profile. That would then give the individual the power to set their profile to whatever privacy setting they like – thereby consenting to share their data with a select number of people that they choose.

This is just one example of what Facebook could do, but it also illustrates the massive task Facebook have on their hands. Would forcing their users to set their own privacy settings go down well? How would they go about obtaining consent to process individuals’ data? Can they just encrypt all the data they currently hold and ask for users to re-consent? Again, these are just a few of the many, many questions Facebook need to be asking themselves.