Advert.

Do NOT tell your scammer he is posted here, or report their accounts as it puts others at risk!

Facebook under investigation for harvesting 1.5m users’

Did you read about scams in the papers, or see it on TV? Let us know.

Facebook under investigation for harvesting 1.5m users’

Unread postby SlapHappy » Wed May 01, 2019 2:42 pm

https://nakedsecurity.sophos.com/2019/0 ... act-lists/

Facebook under investigation for harvesting 1.5m users’ contact lists
30 APR 2019
3
Facebook, Law & order, Privacy, Social networks
Get the latest security news in your inbox.
you@example.com
Don't show me this again

Previous: Man posing as Hollywood superstar scams woman out of a ‘fortune’
Next: Docker breach of 190,000 users exposes lack of two-factor authentication
by Lisa Vaas


The New York Attorney General’s office announced last week that it’s launched an investigation into Facebook’s harvesting of 1.5 million users’ email address books without their consent.

Earlier this month, a security researcher had noticed that Facebook was asking some new users for their email passwords when they signed up: what he called “a HORRIBLE idea from an #infosec point of view”…

…particularly from a company that’s mishandled the passwords we use in two-factor authentication (2FA) and which saved hundreds of millions of users’ passwords to disk in raw, unencrypted form.

But Facebook wasn’t just asking for some new users’ email passwords, the company would go on to admit: it was also sucking up their contacts, popping up a message saying the platform was “importing” their contacts without asking for permission first, nor offering any way for users to cancel the process.

Facebook admitted it had “unintentionally uploaded” 1.5 million contact databases of new Facebook users since May 2016. But as noted in a press release issued on Thursday by the office of New York Attorney General Letitia James, the number of emails drawn into this filter feeder’s baleen is bound to be orders of magnitude higher, as in, hundreds of millions, given that the affected people could have hundreds, if not thousands, of contacts in their contact databases.

While Facebook claims that 1.5 million contact databases were directly used by the scammer by its email password verification process for new users, the total number of people whose information was improperly obtained may be hundreds of millions.

Well, isn’t it just typical, AG James said. It’s just the latest demonstration of how Facebook “does not take seriously its role in protecting our personal information,” she was quoted as saying. She added…

It is time Facebook is held accountable for how it handles consumers’ personal information.

DEEP LEARNING FOR DEEPER CYBERSECURITY
Watch Video
Put it on top of the “legal repercussions” pile
She’s not alone in that belief: Facebook’s anticipating that an upcoming settlement with the Federal Trade Commission (FTC) over user data privacy handling could be up to $5 billion. Canadian regulators last week said that they too believe that Facebook has broken the law and plan to take the company to court to force it to change its practices.

The Irish Data Protection Commission also said last week that it’s investigating Facebook over the issue of user passwords stored on its internal servers in plain text format.

“Unintentional” (perhaps illegal) but great for ad targeting!
Getting its hands on this vast trove of emails is great for Facebook’s core business of ad targeting, as well as to expand its already vast web of social connections. But it could have broken a number of privacy laws, some say.

Experts told Business Insider that the harvesting of the 1.5 million users’ email contact lists could possibly violate a 2011 consent decree between Facebook and the Federal Trade Commission (FTC), the EU General Protection Data Regulation (GDPR), and potentially even the Computer Fraud and Abuse Act (CFAA).

A Facebook spokesperson declined to comment on the legality of the company’s actions when Business Insider asked.

The investigation
Two people briefed on the NY AG’s investigation told the New York Times that it will “focus on how the contact list-importing practice came about, and whether or not it spread to hundreds of millions more people across the social network.”

After a furious backlash, shortly after the press got wind of the practice, Facebook said it stopped asking for new users’ email passwords and stopped importing their contact lists. Last week, it told news outlets that it was in touch with NY AG James’s office and was responding to questions about the matter.
If anyone asks you for money on the Internet they are always a scammer, 100% of the time.
Blackmail Scammed? Go here: https://www.scamsurvivors.com/blackmail/#/
FAQ viewtopic.php?f=3&t=19
Victim of a scam? Go here: https://scamsurvivors.com/forum/viewtop ... =3&t=26504
User avatar
SlapHappy
Retired admin/co creator
 
Posts: 44968
Joined: Tue Apr 17, 2012 5:18 am
Location: Just a face in a magazine, watching you post your scammer's details.

Return to Media reports.

Who is online

Users browsing this forum: No registered users and 9 guests