Meta fined 265 million euros for allowing employees to steal Facebook user data

Meta makes a fatal mistake while Blockchain and Web3 companies are trying to prevent data leaks by creating alternative login processes and distributing the necessary data collection in a highly decentralized manner. .

On November 28, Ireland’s Data Protection Commission (DPC) announced that it had fined Facebook developer Meta 265 million euros ($274.8 million) for violating the country’s General Data Protection Regulation (GDPR). European Union. Specifically, the committee stated that it had fined Meta for not designing Facebook in a way that could protect users from data breaches.

This announcement comes after a year-long investigation that began in April 2021. The breach itself happened even earlier, in late 2019.

The data breach was first discovered when a report from Tech Crunch revealed that hundreds of millions of Facebook users’ phone numbers were listed in a publicly accessible online database. Although the database was later taken down by the web server, its existence suggests that Facebook data was breached.

In April 2021, the DPC began investigating the breach. At the time, Meta posted a statement about the breach called “Facts on Facebook data news reports.” Meta claims that the attacker used his contact import tool to spam the server with phone numbers to see who had Facebook accounts associated with them.

Every time an attacker receives a response, they can obtain the user’s personal details and match these details with the user’s phone number. As a result, users’ personal data was leaked to malicious actors.

In the statement, Meta stated that it patched the vulnerability of this contact importer after the breach was discovered and that the tool is now secure. The DPC said the Meta investigation team found a “violation of Articles 25(1) and 25(2) GDPR” as a result of this incident and “imposed administrative fines totaling €265 million.”

The use of personal data in social media apps has been controversial in recent years as data breaches have become commonplace.

Some blockchain companies have tried to solve the problem by creating social media apps in the industry that do not require users to provide email addresses or phone numbers. For example, both Bitclout and Blockster are social media apps that allow users to log in with just an Ethereum wallet.

On the other hand, the Ethereum developers also made a proposal called EIP-4361 to standardize the wallet login process across all applications. Proponents believe the proposal could eliminate the need to ask users for sensitive personal information in social media apps, and in turn could help prevent breaches like this. Future.