Facebook data breach affects millions
While today’s teens poke fun at the aging demographic of Facebook users, exclaiming that, “only old people use Facebook,” their take on technology may need to change. With the recent data outbreak that affected nearly 87 million Facebook users, some concerns with emerging social media sites are rising.
Facebook, run by CEO Mark Zuckerberg, has been captivating its users since its debut in 2004. With timeline updates and profile picture changes, the platform allows its users to connect with people worldwide. The issue, though, is that with every search, every status update, every post, data is collected about the interface’s users.
During the weekend of March 17, 2018, news broke about a data breach, claiming that Cambridge Analytica (CA), a data analytics firm that worked with President Donald Trump’s election campaign, had extracted Facebook data from 50 million user accounts. Between 2013 and 2015, CA harvested, without permission, profile data from millions of Facebook’s users. The data harvested, which was compiled of personal likes and interests, was then used to target Facebook’s users by building a complete profiling database. The database consisted of the interests of each individual user, and was then offered to many political campaigns.
The question is, how was CA able to obtain the personal data from millions of Facebook’s users legally? A loophole in Facebook’s Application Programming Interface (API) allowed third-party developers to collect data from both users of their apps and friends of the users on the network as well. The issue then becomes the steps following the harvesting of the data.
The act of harvesting the data itself wasn’t a violation of Facebook’s policy, seeing as though the loophole in the API made it known that Facebook openly allowed mobile developers to access the data. The issue wasn’t a concern to Facebook or its users until 2015 when there was an update to the API.
The update blocked the access that a third-party source had to massive data sets, such as the ones that CA was using to build their profiling networks. According to vox.com, the update also “drastically limited what features third-party apps could access,” and also instituted a review of any third-party app that would ask for access to more than the “usual amount of data,” consisting of public profile, list of friends and email address, from it’s users.
On April 10, 2018, Zuckerberg testified in front of 44 Senators from the State Judiciary Committee and the Senate Commerce, Science and Transportation Committee. The beginning of his testimony stated that, “Facebook is an idealistic and optimistic company. For most of our existence, we focused on all the good that connecting people can bring. As Facebook has grown, people everywhere have gotten a powerful new tool to stay connected to the people they love, make their voices heard and build communities and businesses… But it’s clear now that we [Facebook] didn’t do enough to prevent these tools from being used to harm as well.”
Throughout the opening remarks of his testimony, Zuckerberg takes full responsibility for the incident, apologizing for his “mistake.”
“I started Facebook, I run it and I’m responsible for what happens here,” Zuckerberg said.
As far as preventing the incident from happening again, Facebook is undergoing major platform reconstruction, dramatically restricting the amount of data that developers can access. Specifics include reducing the amount of data users must give an app when approval is needed to only name, profile photo and email address, restricting more APIs such as groups and events and requiring developers to gain approval, as well as sign a strict contract before requesting access to personal posts or private data.
These revamps to the platform will hopefully limit the severity of this kind of data breach in the future, but for now the remnants of the scandal lie in Zuckerberg’s hands.