The Irish Data Protection Commission (DPC) announced on November 28 that it has fined Facebook developer Meta €265 million for breaching the European Union’s General Data Protection Regulation (GDPR). Specifically, the Commission stated that it had fined Meta for failing to design Facebook in a way that protected users from data breaches.
The announcement followed an investigation spanning more than a year that began in April 2021. The breach itself occurred even earlier, in late 2019.
Data Protection Commission announces decision in Facebook “Data Scraping” Inquiry: https://t.co/xW9nVqiJ2Y
— Data Protection Commission Ireland (@DPCIreland) November 28, 2022
The data breach was first discovered when a TechCrunch report revealed that hundreds of millions of Facebook users’ phone numbers were listed in a publicly accessible online database. Although the database was later removed by the web host, its existence revealed that Facebook’s data had been breached.
In April 2021, the DPC began investigating the breach. At that time, Meta released a statement about the leak called “The Facts About Facebook Data News Reports.” Meta claimed that an attacker had used its contact import tool to spam the server with phone numbers to see which ones had Facebook accounts associated with them.
Every time the attacker got a response, they could obtain the user’s personal data and match it with that user’s phone number. As a result, users’ personal data had been leaked to malicious actors.
In the statement, Meta claimed that it had patched this contact importer vulnerability once the breach was discovered and that the tool was now secure.
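One way a contact-import service could spot the lookup pattern described above, as an added example that is not Meta's code and not part of the original article. The event format, thresholds, function names and sample data are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumed thresholds (illustrative; not from the article or from Meta).
WINDOW_S = 3600       # look-back window per uploader, in seconds
MAX_DISTINCT = 1000   # distinct numbers one account may look up per window
MIN_SAMPLE = 20       # do not judge density on tiny address books
MAX_DENSITY = 0.5     # share of numbers whose successor was also uploaded

def sequential_density(numbers):
    """Fraction of numbers n for which n+1 was also uploaded.

    Real address books are sparse; generated ranges are almost fully dense.
    """
    ints = {int(n.lstrip("+")) for n in numbers}
    if not ints:
        return 0.0
    return sum(1 for n in ints if n + 1 in ints) / len(ints)

def flag_enumerators(events):
    """events: iterable of (uploader_id, unix_ts, [phone numbers]).

    Returns {uploader_id: reason} for accounts whose uploads within WINDOW_S
    of their latest upload look like number-range probing.
    """
    by_uploader = defaultdict(list)
    for uploader, ts, numbers in events:
        by_uploader[uploader].append((ts, numbers))

    flagged = {}
    for uploader, uploads in by_uploader.items():
        latest = max(ts for ts, _ in uploads)
        recent = {n for ts, nums in uploads if latest - ts <= WINDOW_S for n in nums}
        if len(recent) > MAX_DISTINCT:
            flagged[uploader] = "volume"
        elif len(recent) >= MIN_SAMPLE and sequential_density(recent) > MAX_DENSITY:
            flagged[uploader] = "sequential"
    return flagged

# Constructed sample events (not real data).
SAMPLE_EVENTS = [
    ("acct-normal", 1000, ["+3531555%04d" % (i * 137 % 10000) for i in range(40)]),
    ("acct-range", 1000, ["+3531555%04d" % i for i in range(0, 300)]),
    ("acct-range", 1600, ["+3531555%04d" % i for i in range(300, 600)]),
    ("acct-bulk", 2000, ["+3531%07d" % (i * 7919 % 10**7) for i in range(1500)]),
]
```

The density check catches range probing that stays under the volume budget by splitting uploads across requests, since the numbers are pooled per uploader before scoring.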
According to the new DPC statement, it has verified “the infringement of articles 25(1) and 25(2) of the GDPR” due to this incident and “has imposed administrative fines for a total of 265 million euros.”
The use of personal data in social media applications has become somewhat controversial in recent years as data breaches have become commonplace.
Several blockchain companies have tried to solve the problem by creating blockchain social networking applications that do not require users to give their email addresses or phone numbers. For example, both Bitclout and Blockster are social networking apps that allow users to log in with just an Ethereum wallet.
Ethereum developers have also offered a proposal, called “EIP-4361”, to standardize the wallet login process across all applications. Its supporters believe this could eliminate the need to ask users for sensitive personal information on social media apps, which could help prevent breaches like this in the future.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.