Information Security / Cambridge Analytica scandal impacted up to 87 million Facebook users
Cambridge Analytica scandal impacted up to 87 million Facebook users
5 April 2018 |
Facebook's chief technology officer Mike Schroepfer has announced in a blog post that the Cambridge Analytica scandal compromised personal details of up to 87 million people, and not around 37 million people as previously believed.
While a little over 70 million Facebook users affected by the Cambridge Analytica scandal are from the United States, the scandal also impacted over one million users each in the United Kingdom, Philippines, and Indonesia.
According to The Observer, Cambridge Analytica entered into an agreement Global Science Research (GSR), a firm owned by Cambridge University academic Aleksandr Kogan. Thanks to the agreement, Kogan designed a new app named thisisyourdigitallife and then used it to collect Facebook data of hundreds of thousands of Facebook users who had agreed to take personality tests and to have their data collected for academic use.
Indiscriminate data harvesting
Not only did Kogan's app harvest Facebook data of those who participated in the tests, but also harvested profiles of their Facebook friends, thereby extending its reach to millions of users. While it was initially believed that around 270,000 Facebook users had consented to the personality tests, the BBC has now learned that the real count of such Facebook users was 305,000.
After Facebook drew widespread criticism for allowing an external firm to harvest data of millions of users across the globe, Facebook CEO Mark Zuckerberg announced in a blog post that not only did Facebook ban both Kogan and Cambridge Analytica from using its services, it also took steps in 2014 to dramatically limit the data apps could access, and this move stopped apps from collecting data belonging to a person's friends unless their friends had also authorized the app.
Zuckerberg also said that Facebook will restrict developers' data access even further to prevent other kinds of abuse. These steps will include removing developers' access to a user's data if the user hasn't used an app in three months, restricting the data that a user has to provide to an app during the sign-up process to only name, email address, and a profile photo, and requiring developers to not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data.
Up to 87 million impacted
While the social media giant did not disclose the massive data breach to affected users when it came to know about Cambridge Analytica's data collection practices in 2014, it has now come forward with additional information of the true extent of the breach. In a recent blog post, the company's chief technology officer Mike Schroepfer announced that the Cambridge Analytica scandal had, in fact, affected up to 87 million people, including 1,079,031 Facebook users in the UK.
According to Evgeny Chereshnev, CEO at Biolink.Tech, while issues around data privacy have existed for many years, people are only reacting now as this is the first time they have seen the evidence of a single company being able to influence which president was elected.
"It doesn’t matter what this data leakage would have proven or not proven. The point is that there was always the opportunity, and possibility, that certain data would be extracted from Facebook by hackers or third party providers that we, the users, were not aware of. It has been said that it’s data taken from Facebook without the users’ consent.
This is both true and not true. If you read the licence agreement, when you sign up to Facebook, you would understand that you have absolutely no rights when it comes to your data; your information, what you post and how information is gathered about you. Facebook can analyse and use this data any way it wants," he said.
"I am actually very happy this has happened, as it shows just how severe and significant the problem is. Firstly, if there is a database, it only has two states – already hacked or will be hacked – that is simply the fate of all centralised user databases. We have to embrace blockchain and diversified, distributed way of dealing with data.
"Secondly, we need to totally rethink the way we approach data - our digital trail and DDNA (digital DNA). Privacy of personal data MUST become a constitutional right that everyone has from birth.
"Data is there forever, and it should be illegal to take it from users. It goes back to the age old question – what is self? Who owns it and what needs to be co-owned by third parties for self to coexist in the society that we live in? For example, a healthcare system needs access to my vital health records in order to administer the right treatment, but they don’t need to own that data. We should own our own self," he added.
Latest posts by Jay Jay (see all)
- U.S. Justice Dept investigating theft of trade secrets by Huawei - 17th January 2019
- Collection #1 data breach: 773m emails & 21m unique passwords exposed - 17th January 2019
- Majority of companies cannot detect IoT device breaches, survey reveals - 15th January 2019
- GDPR compliance, phishing emails top concerns for SMEs in 2019 - 15th January 2019
- Widely-used PremiSys access control system features four zero-day vulnerabilities - 14th January 2019