On November 28, the Irish Data Protection Commission (DPC) announced that it had fined Facebook developer Meta €265 million for violating the European Union's General Data Protection Regulation (GDPR). The commission specifically stated that it had penalized Meta for failing to design Facebook in a way that would protect users from data breaches.
The announcement came after a nearly year-long investigation that began in April 2021. The breach happened even earlier, in late 2019.
The data breach was identified after a TechCrunch report revealed that the phone numbers of hundreds of millions of Facebook users were listed in a publicly accessible online database. Although the web host later removed the database, its existence showed that Facebook's data had been compromised.
The DPC began looking into the breach in April 2021. At the time, Meta published a statement on the breach titled "The Facts on News Reports About Facebook Data," in which it asserted that an attacker had been using its contact importer tool to flood the server with phone numbers to determine which ones had Facebook accounts associated with them.
Each time the attacker received a response, they were able to obtain the user's personal information and match it to the user's phone number. As a result, malicious actors gained access to users' personal information.
In the statement, Meta claimed that the contact importer vulnerability had been patched after the breach was found and that the tool was now safe.
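The lookup pattern described above, seen from the defender's side, as an added example that is not Meta's code and not part of the original article: a detector that scans contact-import request records for clients behaving like an enumerator rather than a real address-book upload. The log fields, client names, phone numbers and thresholds are all constructed assumptions, and the sequential-range and low-match-rate signals are heuristics added here alongside the volume signal the article describes.

```python
from collections import defaultdict

# Constructed sample records (not real data), one per contact-import lookup.
# Hypothetical fields: (client_id, phone_number_submitted, matched_an_account)
def build_sample_log():
    log = []
    # Ordinary client: small address book, most contacts have accounts.
    for number, hit in [("+15550100017", True), ("+15550103942", True),
                        ("+15550107755", False), ("+15550101208", True)]:
        log.append(("client-a", number, hit))
    # Enumerating client: walks a contiguous number range, few matches.
    for i in range(200):
        log.append(("client-b", f"+1555020{i:04d}", i % 10 == 0))
    return log

def flag_enumeration(log, max_numbers=100, max_sequential_ratio=0.5,
                     min_hit_rate=0.3):
    """Return {client_id: [reasons]} for clients whose lookups look like
    phone-number enumeration. Thresholds are illustrative assumptions."""
    numbers = defaultdict(set)
    hits = defaultdict(int)
    for client, number, matched in log:
        if number not in numbers[client]:  # count each number once per client
            numbers[client].add(number)
            hits[client] += int(matched)
    flagged = {}
    for client, nums in numbers.items():
        values = sorted(int(n.lstrip("+")) for n in nums)
        # Fraction of neighbouring submitted numbers that differ by exactly 1.
        adjacent = sum(1 for a, b in zip(values, values[1:]) if b - a == 1)
        seq_ratio = adjacent / max(len(values) - 1, 1)
        hit_rate = hits[client] / len(values)
        reasons = []
        if len(values) > max_numbers:
            reasons.append("volume")
        if len(values) > 2 and seq_ratio > max_sequential_ratio:
            reasons.append("sequential")
        if len(values) > max_numbers and hit_rate < min_hit_rate:
            reasons.append("low-hit-rate")
        if reasons:
            flagged[client] = reasons
    return flagged

if __name__ == "__main__":
    for client, reasons in flag_enumeration(build_sample_log()).items():
        print(client, reasons)
```

In practice the same counters would feed a rate limit or a cap on how much profile data a lookup returns, so that a flagged client is throttled before it can match numbers to accounts at scale.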
According to the new DPC statement, the incident resulted in infringement of Articles 25(1) and 25(2) GDPR and "administrative fines totaling €265 million."
As data breaches have become more common in recent years, the use of personal data in social media apps is becoming controversial.
Several blockchain companies have attempted to address the issue by developing blockchain social media apps that do not require users to provide their email addresses or phone numbers. Bitclout and Blockster, for example, are social media applications that let users sign in with only their Ethereum wallet.
Ethereum developers have also proposed "EIP-4361" to standardize wallet login across all apps. Supporters believe that this could eliminate the need for social media apps to ask users for sensitive personal information, which could help to prevent future breaches like this.
What do you think about Meta being fined for allowing scrapers to steal Facebook's centralized user data? Let us know your thoughts by sharing this article online.