The IT Nerd

Facebook yesterday decided to respond to reports of a massive data breach that puts the data of over 500 million users at risk. Facebook product management director Mike Clark explained the situation in a blog post published to the company’s newsroom. Having read this blog post, this is a blatant attempt to spin and downplay the breach, likely to avoid people fleeing the platform and having authorities punish the company over it.

Here’s the highlights:

• Clark acknowledges the Business Insider report regarding a massive leak of data. But at the same time he says that the information was scraped and not obtained through a hack.
• Facebook is “confident” that it rectified the issue that allowed the hacker to get in and swipe this data.
• There’s nothing else to see here. Move along.

I am sorry. But this blog post isn’t even close to being good enough in terms of explaining what happened here. Facebook truly needs to be punished for this. Especially seeing as Mark Zuckerberg’s personal data was part of this data breach. Which is a bit ironic. What needs to happen is that either the relevant authorities investigate the company and serve up some meaningful punishment, or via users finally saying enough is enough and dumping Facebook. We’re beyond the point of giving this company a pass and it’s time to finally #DeleteFacebook.

Yesterday, I posted a story that detailed the leaking of information related to over 500 million Facebook users. That should alarm you as that’s not trivial and you need to take immediate action to protect yourself. And the first step in taking action is to find out if you are affected by this. Here’s how you do that:

• Head to haveibeenpwned.com on your phone or desktop.
• Enter your email ID.
• If your email was compromised, you’ll get a warning to change the password and enable two-factor authentication. You can also scroll down on the page to see all the breaches that may have included your credentials tied to the email address you entered.

If you are a Facebook user, you should do that ASAP as it is a safe bet that criminals have already started to use this leaked information to target people for scams and the like. It’s also one more reminder that you should strongly consider dumping Facebook as clearly security of your information is not top of mind with them.

A database containing the leaked phone numbers (and other personal information) of some 533 million Facebook users has just been spotted online. The database was posted to a low-level hacking forum for free.

Yikes!

Here’s what Business Insider said:

The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.

Insider reviewed a sample of the leaked data and verified several records by matching known Facebook users’ phone numbers with the IDs listed in the data set. We also verified records by testing email addresses from the data set in Facebook’s password reset feature, which can be used to partially reveal a user’s phone number.

A Facebook spokesperson told Insider that the data was scraped due to a vulnerability that the company patched in 2019.

While a couple of years old, the leaked data could provide valuable information to cybercriminals who use people’s personal information to impersonate them or scam them into handing over login credentials, according to Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, who first discovered the entire trough of leaked data online on Saturday.

This is extremely bad and whether this hack happened 2 years ago or 2 minutes ago. Here’s why:

Here’s how Facebook should be punished for this latest screw up. Facebook has a market cap of over $800 billion. So I suggest a fine of $80 per account. For the roughly half billion accounts exposed, that would come to $40 billion, or about 5% of their market capitalization. That would really get their attention and you would bet your last dollar that Facebook would never, ever be this negligent again.

Let’s see if that happens. But I don’t think it will.

UPDATE: David Masson, Director of Enterprise Security for Darktrace had this to say: 

The events of this weekend surrounding Facebook highlights the urgent necessity for an approach to security that stops threats, even once they have penetrated the perimeter. Though the Facebook data exposure is a reiteration of a previous breach, it demonstrates the severity of these kinds of attacks. The ramifications of personal data theft and abuse continue to be felt not just by Facebook, but also by the victims of the breach years after the initial incident. Ultimately, businesses need an approach to security that gives them complete visibility into their digital enterprises, that helps them understand exactly where users and data are at all times, and gives them the ability to autonomously respond to threatening activity – before the damage is done.

You have to truly wonder how low can Facebook go. The latest thing that Facebook has been caught doing is auto creating pages for white supremacists. Here’s the story from ARS Technica:

Researchers at the Tech Transparency Project found that Facebook created dozens of pages for groups like the “Universal Aryan Brotherhood Movement” when a user did something as simple as listing it as their employer. Some of the autogenerated pages garnered thousands of likes by the time they were discovered by researchers. TTP also discovered four Facebook groups that had been created by users. The researchers shared their findings with Facebook, which removed most of the pages. Yet, two of the autogenerated pages and all four Facebook groups remained active when the group published its findings. Facebook reportedly banned “white nationalist” content following the 2019 mass shooting at a New Zealand mosque, expanding on an earlier ban of white supremacist content. 

It wasn’t hard for the researchers to find offending pages and groups. They simply searched Facebook for the names of neo-Nazi and white supremacist groups identified by the Anti-Defamation League and the Southern Poverty Law Center. More than half of the groups in their query of 221 names returned results. A total of 113 white supremacist organizations and groups had a presence on Facebook, sometimes more than one.

This is really, really craptastic. But it gets worse:

Facebook has had similar problems with far-right militias, according to a related investigation by the TTP and Buzzfeed. Facebook had banned several militant groups last August, but researchers turned up still-active autogenerated pages for some of the militias.

This isn’t going to be fixed so long as platforms are allowed to exist at this scale. Creating legal liability for user or automatically generated content would help. But doing so might kill Facebook, Twitter, Instagram, etc. Which they deserve if they don’t take responsibility for the content on their platforms. But this story is about Facebook specifically as they are clearly the worst offenders on this front.

Take it from me. #DeleteFacebook

From the “are you kidding me?” file comes the news that Facebook’s own bullying and harassment policy explicitly allows for “public figures” to be targeted in ways otherwise banned on the site, including “calls for [their] death,” according to a tranche of internal moderator guidelines leaked to The Guardian.

Public figures are defined by Facebook to include people whose claim to fame may be simply a large social media following or infrequent coverage in local newspapers. They are considered to be permissible targets for certain types of abuse “because we want to allow discussion, which often includes critical commentary of people who are featured in the news,” Facebook explains to its moderators. It comes as social networks face renewed criticism over abuse on their platforms, including of the Duke and Duchess of Sussex and of professional footballers, in particular black stars such as Marcus Rashford.Facebook, which also owns Instagram, has changed its policies in response to the criticism, introducing new rules to cover abuse sent through direct messages and committing to cooperate with law enforcement over hate speech. In the detailed guidelines seen by the Guardian, running to more than 300 pages and dating from December 2020, Facebook spells out how it differentiates between protections for private and public individuals.

How does that even begin to make sense? This completely blows my mind. In any case, here’s a random thought. Regardless of what Facebook’s internal policies are, they don’t override local laws. So for those of you who think that this means that this is a free for all for public figures that you don’t like, you should be careful. While Facebook might not mind you calling for a politician’s death, the cops will.

This is something that highlights why Facebook needs to cease to exist as it is becoming increasingly clear that the platform does more harm than good. Thus I would strongly suggest that you #DeleteFacebook and send a message to Mark Zuckerberg that this is not acceptable.

For those who really would like to see someone #DeleteFacebook, they might get their wish. Reuters is reporting that a group of states is going to sue Facebook. Here’s the details:

A group of U.S. states led by New York is investigating Facebook for possible antitrust violations and plans to file a lawsuit against the social media giant next week, four sources familiar with the matter said on Wednesday. The complaint would be the second major lawsuit filed against a Big Tech company this year. The Justice Department sued Alphabet’s Google in October. More than 40 states plan to sign on to the lawsuit, one source said, without naming them. 

It is not known what the states plan to include in their complaint. One allegation often made against Facebook is that it has strategically sought to buy small potential rivals, often at a big premium. These include Instagram in 2012 and WhatsApp in 2014. Facebook Chief Executive Mark Zuckerberg has argued in congressional testimony that the company has a range of competitors, including other tech giants. He has defended controversial acquisitions like Instagram and WhatsApp by saying the social media platform helped them expand from small, insignificant companies into powerhouses.

Well this will cause Zuckerberg to freak out and then force them to change their pants because a lawsuit like this has the potential to alter their business model in ways which would make Facebook non-viable. And that would be a good thing as Facebook isn’t known for respecting user data among other things. If this lawsuit happens, it will be very much worth watching.

Anyone who has read my blog for any length of time knows that I am no fan of Facebook. We could likely sit here all day to talk about why Facebook is bad for humanity. But it’s pretty clear by now that the planet would be better off if they didn’t exist.

Here’s a new reason why Facebook shouldn’t exist. According to a new report, Facebook’s failure to halt the spread of coronavirus misinformation makes it a “major threat” to public health:

Research by activist group Avaaz found health misinformation relating to the pandemic was viewed 3.8bn times on the social media site in the last year. Just 16 per cent of all misinformation analysed in the study carried a warning label, with the remaining 84 per cent remaining online without a warning. Facebook has vowed to crack down on conspiracy theories and misleading content linked to Covid-19 amid concerns inaccurate information was spreading unchecked on the platform. A company spokesperson said the findings of the report did not “reflect the steps we’ve taken to keep it from spreading on our service.” Facebook said it had applied warning labels to 98m pieces of content and removed a further 7m between April and June. The site added that it had also directed more than 2bn people to resources from official health authorities.

When you take that and combine that with the fact that they have changed the direction of elections, amplify anti-semitism, amplify conspiracy theories, and they don’t handle user data in a responsible manner, it really shows that Facebook is not good for the world. Especially now that not there are life and death implications because of the pandemic.

The bottom line is simple. It’s beyond time to #DeleteFacebook. Now more than ever.