I don't expect this article to play well with a tech audience who knows that FB's data breaches aren't anything special; every company has data breaches, FB is just a bigger target.
I accept it. Facebook is probably one of the better companies out there when it comes to security. They haven't had a true breach; the scandals so far have been small, mostly because the mores of society have shifted before FB can roll out changes to match them (and they always do).
Users don't care whether it was hacked or Facebook gave it away, they care that their data was exposed in ways they weren't aware of.
If anything, the reality (it's intentional) is worse than the misunderstanding (it was hacked). This is no defense of Facebook, nor a counter to the broader narrative.
> In response to the reporting, Facebook said in a blog post on Tuesday that "malicious actors" had scraped the data by exploiting a vulnerability in a now-defunct feature on the platform that allowed users to find each other by phone number.
For Facebook, an actual data breach would be better. They could button things up and make some statements and move on.
This appears to have been systemic and profitable for them because companies would turn around and pay them for highly targeted ads. They ignored it because of greed.
This thread is a little pessimistic. Why would Facebook suffer any consequences from this whatsoever? When has a data breach actually affected the company?
This could be the first large breach we've seen from FB like this. Most past breaches were of a much different and smaller nature (scraping or API access abuse), and seeing a real leak like this could change the landscape for FB quite a bit, since historically companies like Facebook and Google have been very good with preventing them. I don't know a ton about FB's specifics, but there's a chance this data could be 'public' from people with the given privacy settings, if perhaps 25% of users have that turned on. If that is not the case though, then this would be the first serious breach from FB imo.
Either way at this point I operate under the expectation that most information I input into a database may be leaked at some point. This is particularly rough for services that demand and track a lot of things, but it cannot be helped.
They haven't had security 'breaches' because nobody ever called it that, but FB has been leaking data out the back door for years.
The amount of info that you used to be able to pull from Facebook's API was incredible, and most people didn't realize it. Even information as bland as friends and friends-of-friends is enough to build a useful social graph around a person. (Years ago I did just this, and it was amazing how the graph clustered all my different social groups.)
I think the problem is that FB or Apple don't really get directly hurt from these exploits being used. Some politician gets hacked and important personal data gets leaked - oh well, there was a bug, we've patched it, one less user out of a few billion. And the vast majority of people probably don't rank this kind of thing very high on their threat model, they're either not going to know or aren't going to care.
The reality is that huge amounts of personal data were harvested by third parties through app permissions - apparently with FB’s knowledge and support.
No one needs back door hacks to get into a vault when the front door is wide open.
Facebook has had several high-profile data breaches, 530 million users' data in an unsecured database in 2019, and several issues surrounding data sharing with third-party apps on their platform.
Words mean things. Don't assume that because someone nitpicks a technically incorrect use of a word/term that they are shooting down the entire argument. In fact, we're often trying to help, because we do agree with you, but can't get behind what you're saying 100% because part of it is not actually correct.
I'm definitely not disputing the fact that FB is an evil entity that only cares about making profits off your personal information. But they haven't suffered a data breach in the same way as, say, Equifax, and it seems to me that choosing to use the word "breach" here must be in an effort to get more clicks, because "breach in the Equifax sense" is what the author knows most people will assume is meant.