
What’s happened in the latest Facebook data breach?

Just when the Facebook/Cambridge Analytica scandal had stopped making the headlines, the social media giant has been struck by another data breach disaster.

It has been revealed that 50 million people’s accounts have been exposed due to an error in Facebook’s code. This vulnerability meant that hackers could take over people’s accounts and see their most private information.

Facebook found the flaw on Tuesday last week but admitted that it could not say how the bug was used or by whom. The vulnerability allowed hackers to access the ‘View As’ privacy tool, which lets users see how their profile looks to other people.

According to a Facebook spokesperson: “Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook, so they don’t need to re-enter their password every time they use the app.”

The company has said that it is sorry, and informed the relevant authorities. But this is unlikely to help the millions of people now worried about cybercriminals having access to their most personal information.

Have you been affected by the latest Facebook data breach?

According to Facebook, the bug has now been fixed, and anyone who broke into an account has now been kicked out.

If your information has been compromised, Facebook will have logged you out. Facebook has also said that it will notify affected users in a message on top of their News Feed about what happened. As a “precautionary measure”, the social network has also logged out everyone who used the ‘View As’ feature since the exposure was introduced.

However, it has been suggested that even more than 50 million people could potentially be affected. So it’s better to remain vigilant.

A Facebook spokesperson said: “people’s privacy and security is incredibly important, and we’re sorry this happened”. However, following the Cambridge Analytica data breach – which enabled the harvesting of information on around two billion users – sorry is unlikely to be good enough for many users.

What can you do to protect your Facebook account?

It has yet to be determined whether any accounts were misused or any information accessed. But, in the meantime, it’s a good idea to change your password, although that may not undo the impact of this attack. If you haven’t already, you should also enable two-factor authentication.

If you’ve used Facebook to log in to other accounts or apps, you should also disable these. You can do this by going to ‘settings’ and selecting ‘apps and websites’. All the apps you use Facebook to log in with will be listed. If you have been affected, you should also change the passwords for those accounts.


Emma’s Diary breaks trust of young mums

Earlier this month, parenting website Emma’s Diary was fined £140,000 for selling data collected from its app to the Labour Party.

Using a database created by Experian, Labour used this personal information to target new mothers with direct marketing. The data gathered included parent names, addresses and the dates of birth of the mother and children.

In an extraordinary breach of trust, many parents are now reeling that their personal information was treated this way. So, here at Hayes Connor Solicitors we are helping them to claim Emma’s Diary compensation for any distress suffered.

Commenting on this case, our managing director, Kingsley Hayes said:

“Quite often we deal with data breach cases where a cybercriminal has hacked a company to access sensitive user information. But in this case, Emma’s Diary willingly and knowingly handed it over for profit. What is even more shocking is that this sensitive information included data about children. It’s no wonder that young mums and dads are now distraught at this breach of trust.”

He added:

“Leaving aside the fact that this data was used to manipulate our democratic process, this case shows a worrying disregard for data privacy. Mums across the UK used Emma’s Diary to get much-needed medical advice and free baby-themed goods. The last thing they expected was that their trust would be abused in this way.”

Claiming Emma’s Diary compensation

You can make a compensation claim against Emma’s Diary if you have struggled emotionally following the data breach, even if you have not experienced any financial loss.

When making a compensation award, the court will look at the specific circumstances of your case. This includes things like the sensitivity of the data compromised and the nature of the disclosure.

Some people would have us believe that claiming for distress is an overreaction. That your psychological suffering and anguish doesn’t matter. You might hear friends and family saying that, while it is acceptable to claim compensation for any financial losses, you should put up with any anxiety caused by having your information sold in this manner.

Being the victim of a data breach can have a substantial impact on you mentally and physically. For some people, the effects can include a lack of sleep, feeling ill, unsettled or confused. So why shouldn’t you seek compensation for a failure to look after your information correctly? Especially when it included data about young children.

How much compensation could you get?

Data breaches often have severe consequences for those affected, and in this case, you could be entitled to up to £1,500 (or more depending on your circumstances). And, because we offer no-win, no-fee funding arrangements, you have nothing to lose.

Join our group action and claim Emma’s Diary compensation now

At Hayes Connor Solicitors, we have received a large number of queries from people concerned that their information was manipulated and used in a way they did not agree to. In response, we are now launching a group action against Emma’s Diary.

To join a group action compensation claim, you will need to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.



Facebook data breach investigation latest.

The Information Commissioner’s Office (ICO) is set to fine Facebook £500,000 for data breaches. That is the maximum financial penalty possible and reflects the severity of the Facebook data breach scandal. The ICO also intends to bring criminal action against SCL Elections, the now-defunct parent company of Cambridge Analytica.

What happened in the Facebook data breach case?

  • Social media giant Facebook and controversial data firm Cambridge Analytica are at the centre of a dispute over the harvesting and use of personal data
  • Questions were raised over whether this data was used to influence the outcome of the US 2016 presidential election and the Brexit referendum
  • In March 2017, the ICO began looking into whether personal data had been misused

What is happening now in the Facebook data breach investigation?

Yesterday, the Information Commissioner, Elizabeth Denham, published a detailed update of her office’s investigation into the use of data analytics in political campaigns.

The report reveals that the ICO plans to fine Facebook £500,000 for breaches of the Data Protection Act.

The ICO has also said that it is taking steps to bring a criminal prosecution against SCL Elections Limited. While Cambridge Analytica has shut down, the ICO has already said that its directors can still be held liable and possibly criminally prosecuted.

Crucially, the ICO believes that in addition to breaching its own rules, Facebook also failed to ensure Cambridge Analytica had deleted its users’ personal data when requested. What’s more, while the ICO noted that Facebook had been the biggest recipient of digital advertising by political parties and campaigns to date, it said that the company had not done enough to explain to users that they were being targeted as a consequence, or to give people enough control over how their sensitive personal data was used. As a result, it seems that Facebook is guilty of two breaches of the Data Protection Act.

So, does this mean Facebook will be held to account?

No. The social media giant still has time to make any representations to the ICO before a final decision is made. However, by publishing a Notice of Intent, it is clear that the ICO is taking this matter very seriously. In fact, based on the evidence so far it looks likely that the ICO will issue Facebook with the maximum fine allowed under British law.

However, Facebook could still get away lightly, because if it had been fined under the new GDPR (General Data Protection Regulation), it could have been hit with a penalty of £479m. Indeed, the £500,000 fine is tiny when stacked up against the firm’s value of £445bn.

The impact on political parties

In its report, the ICO raised concerns about political parties buying personal information from data brokers.

Worryingly, Elizabeth Denham has said that: “We are at a crossroads. Trust and confidence in the integrity of our democratic processes risk being disrupted because the average voter has little idea of what is going on behind the scenes.

“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters.

“But this cannot be at the expense of transparency, fairness and compliance with the law.”

She also said that the impact of behavioural advertising in elections was significant, and has called for a code of practice to fix the system.

The ICO has also written to all the main political parties in the UK pressing them to have their data protection practices audited.

Who else is involved?

Aggregate IQ

The ICO has said that Aggregate IQ (AIQ), a Canadian company which worked with the Vote Leave campaign in the run-up to the EU Referendum, must stop processing UK citizens’ data. AIQ had access to UK voters’ personal data provided by Vote Leave and this information may have been transferred and accessed outside the UK. If so, this would be a breach of the Data Protection Act.

Emma’s Diary

The ICO also named Emma’s Diary, a company that gives medical advice and free baby-themed goods to parents who download an app. It appears that the company may have handed over data which was then used by the Labour Party to campaign to people. As a result, the ICO is about to take regulatory action against Lifecycle Marketing, the owner of the service.

Eldon Insurance Services

It has been alleged that the Leave campaign used the personal information of people on the Eldon Insurance and GoSkippy database in the run-up to the Brexit referendum.

Vote Leave

The ICO is looking into the extent to which Vote Leave transferred the personal data of citizens outside the UK. It is likely that this was in breach of the Data Protection Act.

Remain campaign

The ICO is investigating the collection and sharing of personal data by the official Remain campaign (Britain Stronger in Europe) and a linked data broker. In particular, it is examining inadequate third party consents and the fair processing statements used to collect personal data.

The University of Cambridge

The Psychometrics Centre at the University of Cambridge carries out research into social media profiles. As part of its investigation, the ICO is considering whether Cambridge University has “sufficient systems and processes in place to ensure that data collected by academics for research is appropriately safeguarded in its use and not re-used for commercial work.”

The ICO said that it expects the next stage of its investigation to be complete by the end of October.



Facebook data breach latest: 200 apps suspended

Facebook has suspended around 200 apps as part of its ongoing investigations into the potential misuse of personal data following the Cambridge Analytica privacy scandal.

In an announcement on its website, the social media giant said: “We have large teams of internal and external experts working hard to investigate these apps as quickly as possible. To date thousands of apps have been investigated and around 200 have been suspended — pending a thorough investigation into whether they did in fact misuse any data.”

Facebook is currently conducting a “comprehensive review” to identify every app that had access to large amounts of potentially sensitive data before it changed its policies in 2014.

While there is not as yet a publicly available list of the 200 apps under investigation, Facebook has promised that if it discovers that an app has misused data, it will be banned. It has also informed users that they can check whether they were affected here.

However, at the time of writing, only “This Is Your Digital Life” – the app at the centre of the scandal – is listed on the tool. The other 200 apps have not yet been added.

To date, a whopping 87 million people are thought to be affected by the data breach. And once the people who used the 200 suspended apps are counted, this number is likely to increase even further. In fact, with more than nine million apps supported by Facebook six years ago, it is expected that the revelations about abusive apps have only just begun and that the final number of people affected will be staggering.

You can keep an eye on our website to be kept up-to-date with the latest Facebook data breach news as it happens.


Facebook to alert you if your data was shared

From today, Facebook will begin notifying the 87 million people whose personal information may have been improperly shared with Cambridge Analytica.

If your data was leaked, you will receive a message from Facebook at the top of your news feed. This will provide details on how you are affected. You will receive this message if you or your friends used Facebook to log into the This Is Your Digital Life app.

Also, all other Facebook users will receive a notice helping them to turn off specific apps or shut down third-party access to their apps entirely.

While most of those affected are in the US, some people in the UK have also had their details breached. It is understood the messages will be sent out at about 5pm in the UK.

Facebook is now facing investigation both in the UK and the USA. If the social media giant is found to be in breach of the Data Protection Act, you could be entitled to compensation.




Facebook Data Scandal

Last week, Mark Zuckerberg faced some hard questions about the Facebook data scandal. Here is a round-up of what he said:

Hard Questions: Q&A With Mark Zuckerberg on Protecting People’s Information

Mark Zuckerberg

about 2 weeks ago

I want to share an update on the Cambridge Analytica situation — including the steps we’ve already taken and our next steps to address this important issue.

We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you. I’ve been working to understand exactly what happened and how to make sure this doesn’t happen again. The good news is that the most important actions to prevent this from happening again today we have already taken years ago. But we also made mistakes, there’s more to do, and we need to step up and do it.

Here’s a timeline of the events:

In 2007, we launched the Facebook Platform with the vision that more apps should be social. Your calendar should be able to show your friends’ birthdays, your maps should show where your friends live, and your address book should show their pictures. To do this, we enabled people to log into apps and share who their friends were and some information about them.

In 2013, a Cambridge University researcher named Aleksandr Kogan created a personality quiz app. It was installed by around 300,000 people who shared their data as well as some of their friends’ data. Given the way our platform worked at the time this meant Kogan was able to access tens of millions of their friends’ data.

In 2014, to prevent abusive apps, we announced that we were changing the entire platform to dramatically limit the data apps could access. Most importantly, apps like Kogan’s could no longer ask for data about a person’s friends unless their friends had also authorized the app. We also required developers to get approval from us before they could request any sensitive data from people. These actions would prevent any app like Kogan’s from being able to access so much data today.

In 2015, we learned from journalists at The Guardian that Kogan had shared data from his app with Cambridge Analytica. It is against our policies for developers to share data without people’s consent, so we immediately banned Kogan’s app from our platform, and demanded that Kogan and Cambridge Analytica formally certify that they had deleted all improperly acquired data. They provided these certifications.

Last week, we learned from The Guardian, The New York Times and Channel 4 that Cambridge Analytica may not have deleted the data as they had certified. We immediately banned them from using any of our services. Cambridge Analytica claims they have already deleted the data and has agreed to a forensic audit by a firm we hired to confirm this. We’re also working with regulators as they investigate what happened.

This was a breach of trust between Kogan, Cambridge Analytica and Facebook. But it was also a breach of trust between Facebook and the people who share their data with us and expect us to protect it. We need to fix that.

In this case, we already took the most important steps a few years ago in 2014 to prevent bad actors from accessing people’s information in this way. But there’s more we need to do and I’ll outline those steps here:

First, we will investigate all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014, and we will conduct a full audit of any app with suspicious activity. We will ban any developer from our platform that does not agree to a thorough audit. And if we find developers that misused personally identifiable information, we will ban them and tell everyone affected by those apps. That includes people whose data Kogan misused here as well.

Second, we will restrict developers’ data access even further to prevent other kinds of abuse. For example, we will remove developers’ access to your data if you haven’t used their app in 3 months. We will reduce the data you give an app when you sign in — to only your name, profile photo, and email address. We’ll require developers to not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data. And we’ll have more changes to share in the next few days.

Third, we want to make sure you understand which apps you’ve allowed to access your data. In the next month, we will show everyone a tool at the top of your News Feed with the apps you’ve used and an easy way to revoke those apps’ permissions to your data. We already have a tool to do this in your privacy settings, and now we will put this tool at the top of your News Feed to make sure everyone sees it.

Beyond the steps we had already taken in 2014, I believe these are the next steps we must take to continue to secure our platform.

I started Facebook, and at the end of the day I’m responsible for what happens on our platform. I’m serious about doing what it takes to protect our community. While this specific issue involving Cambridge Analytica should no longer happen with new apps today, that doesn’t change what happened in the past. We will learn from this experience to secure our platform further and make our community safer for everyone going forward.

I want to thank all of you who continue to believe in our mission and work to build this community together. I know it takes longer to fix all these issues than we’d like, but I promise you we’ll work through this and build a better service over the long term.

[source: Facebook Hard questions]


What does Facebook know about you?

You know that Facebook is embroiled in a massive privacy row. But among the news about what happened, who knew what, and what is still to be revealed, it’s important to look at WHY this data breach matters to ordinary people here in the UK.

What data does Facebook hold?

Lots. In fact, much, much more than most of us were aware. To access your Facebook data archive, go to your settings and click on ‘Download a copy of your Facebook data’.

Here is just some of the data Facebook might hold on you (depending on your permission settings):

  • Your profile details including your age, gender and education
  • Your telephone number and email address
  • Your likes and your friends’ likes
  • The websites you visit
  • Which events you’ve been invited to (and whether you accepted or declined the invitations)
  • Your political leanings
  • Your travel habits
  • Your relationship history
  • Every single person you’ve ever been a friend with on Facebook, including requests sent, denied requests and removed friends
  • Which ads you have clicked on (how often and when)
  • Which advertisers have your details
  • Every single contact on your phone, including ones you no longer have
  • How many times you’ve contacted every person whose contact details you’ve kept in your phone. This includes calls and texts made through your cellular network which have nothing to do with Facebook
  • Every single message you have ever sent via its platform
  • Every picture you’ve ever shared or received.

Why should you care?

Maybe you don’t care that Facebook has access to all this info. And, if the social media giant could 100% guarantee that this data was being kept safe, that might be okay. But the latest breach shows that Facebook has already put this data at risk due to poor internal processes. So, how can we be sure that this won’t happen again? And what is being done with the information already out there?

What criminals can do with your data

We already know that Facebook is under investigation, and that our data might have been used to influence how some of us voted in the Brexit campaign. And, if true, the manipulation of our democratic processes should be horrifying to everyone.

But even for those of us that aren’t political, we should be very worried about what could happen if this massive amount of data got into the wrong hands.

Cybercrime is on the rise, and according to research, hackers stole or compromised an estimated £20.2bn worth of records from businesses last year. While people of any age can be victims of identity fraud, the risk increases if you share information on social media. Even a normal, accessible profile can be used by criminals.

Check out this video by fraud prevention service Cifas to see how easy it is.

How private is your data?

Victims of ID fraud might have no idea that it is even happening until it is too late. Signs that your identity has been stolen include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score

Take action now!

But what can you do to protect yourself and your data? Make sure you review your privacy settings on Facebook and all other social media channels. In particular, find out which apps have access to your Facebook data.



Facebook data breach. Have you been affected?

Last week, a whistle-blower revealed how Facebook data was illegally harvested and used to influence the US Presidential election. The breach occurred after Cambridge Analytica targeted users with political messaging after obtaining data from the social media platform.

Cambridge Analytica got this information from a researcher, who garnered details on the likes and habits of Facebook users via a personality quiz app called ‘This is Your Digital Life’. Crucially, this information was shared without user consent.

The data of around 270,000 users is thought to have been collected via the app, which also accessed public data from users’ friends. Of this, about 50 million profiles were harvested for Cambridge Analytica before the user consent rules were tightened up.

Since then, Facebook chief executive Mark Zuckerberg has admitted to privacy errors and said that he made a mistake in not telling users about the leak when it was uncovered in 2015. It has also been revealed that Facebook could have done more to prevent the breach in the first place.

Worryingly, while Facebook is now changing the way it shares data with third-party applications, in addition to the Cambridge Analytica incident, Zuckerberg admits that this might not be the only instance where user data was exploited.

In fact, more apps could have “gotten access to more information, and potentially sold it” without Facebook knowing. As such, a full investigation of “every app that got access to a large amount of information” is now underway. While specific details haven’t been revealed, the number of apps thought to be covered by this investigation is in the “thousands”.

Protect yourself following the Facebook data breach

Facebook has now promised to inform users if their data was accessed by any apps that might have misused it. In the meantime, to find out which apps have access to your Facebook data, it’s important to review your settings on the platform.


Facebook could have prevented data breach

Facebook is facing accusations of data harvesting after it was revealed that an “unprecedented” infringement took place in 2014. Perhaps even more damaging, while Facebook found out about the breach in 2015, the social media giant failed to alert its users, and did not take adequate steps to recover and secure the private information.

To make matters worse, whistleblower Sandy Parakilas, who worked as a platform operations manager at Facebook from 2011 to 2012, has told MPs that his concerns about lax data-protection policies at the company were ignored by senior executives. He said that covert harvesting was routine at the social network, and that Facebook did not do enough to prevent, identify – or act upon – data breaches.

Speaking to a parliamentary committee on Wednesday, Parakilas said that while the security team at Facebook was “very, very good,” “they’d allowed people to get all this data on people who hadn’t really authorised it, and it was personally identifiable data.”

He added that Facebook gave the impression that it was worried it would be held liable if it investigated a suspected breach and found policies or laws were broken.

Commenting on Facebook’s lack of action over the recent Cambridge Analytica breach revelations, Parakilas said: “It has been painful watching, because I know that they could have prevented it.”

Last night, Facebook chief executive Mark Zuckerberg admitted user privacy mistakes and said he realised he needed to be more public and accountable. In an interview with CNN, he said that he was willing to testify to any US government inquiry over the Cambridge Analytica scandal, and that he would not be against regulation of his social media company. He has also pledged to review “thousands of apps” in an “intensive process”.

Zuckerberg also admitted that Facebook made a mistake in not telling users about the leak when it was uncovered in 2015. He said: “I regret we didn’t do it at the time. I think we got that wrong”.

Have you been affected?

Facebook has now promised to inform users if their data was accessed by any apps that might have misused it.



Cambridge Analytica and Facebook.

What could it mean for the UK?

A whistle-blower has revealed how Facebook data was harvested to target American voters on behalf of Donald Trump’s election team.

Speaking to journalists, Christopher Wylie, who worked for data analytics firm Cambridge Analytica, said that in 2014, 50 million Facebook profiles were harvested by UK-based Aleksandr Kogan and his company Global Science Research. He also claims that Kogan shared this information with Cambridge Analytica, who created a software program which used the data to predict and influence choices at the ballot box.

However, this personal information was taken without authorisation.

It has also been alleged that, while the “unprecedented” infringement took place in 2014, and Facebook found out in 2015, the social media giant failed to alert its users and did not take adequate steps to recover and secure the private information.

The accusations of data harvesting, and the use to which it was put, raise burning questions about the role Facebook played in influencing the US presidential election.

Facebook has recently suspended Cambridge Analytica from the platform, pending further information over misuse of data. However, it denies that there was a data breach.

Why does this matter in the UK?

As well as working for former Trump adviser Steve Bannon, Cambridge Analytica was also employed by the winning Brexit campaign. This raises questions over whether data was illegally acquired and used to impact the EU referendum result.

At present both the Electoral Commission and the Information Commissioner’s Office are undertaking separate investigations into the activities of Facebook and the retention, sharing and distribution of data illegally in the UK.

A statement by Elizabeth Denham, the Information Commissioner, said:

 “We are investigating the circumstances in which Facebook data may have been illegally acquired and used.

 “It’s part of our ongoing investigation into the use of data analytics for political purposes which was launched to consider how political parties and campaigns, data analytics companies and social media platforms in the UK are using and analysing people’s personal information to micro target voters.

 “It is important that the public are fully aware of how information is used and shared in modern political campaigns and the potential impact on their privacy.

 “We are continuing to invoke all of our powers and are pursuing a number of live lines of inquiry. Any criminal and civil enforcement actions arising from the investigation will be pursued vigorously”.

It is also believed that Parliament will seek further testimony from Facebook to explain its approach to political marketing and the sharing of confidential information. The EU has said that the Facebook data breach, if confirmed, is “horrifying”.