This Week in Data Breaches: Facebook Expecting $5 Billion Fine for Privacy Violations
From news of a $5 billion fine looming on the horizon for Facebook to hackers gaining access to Microsoft email accounts, here we round up the latest in data security and privacy news.
Regulators Zero In on Facebook
Facebook revealed in its first quarter financial report that it is expecting a fine of up to $5 billion from the Federal Trade Commission for privacy violations. A fine of that size would be the largest ever for a tech company in the United States, far higher than the record of $22.5 million currently held by Google. However, privacy advocates have criticized the settlement for not going far enough, amounting to little more than a slap on the wrist. Facebook’s impending settlement with the FTC is just one of many possible crackdowns from regulators that loom on the horizon for the company.
Canadian regulators this week found that “Facebook violated national and local laws in allowing third parties access to private user information through ‘superficial and ineffective safeguards and consent mechanisms’”, according to the New York Times. Along with the investigations and findings by the FTC and the privacy commissioner of Canada, Facebook is facing intensifying scrutiny from privacy watchdogs in Ireland, Germany, France, and the UK.
All of which stem from a long litany of privacy violations and security mishaps at Facebook since March of last year. Here is a brief recap:
- March 2018: The New York Times reports that the private data of 86 million Facebook users was leaked to the political consulting firm Cambridge Analytica, setting off a wave of congressional hearings and investigations.
- September 2018: Facebook announces that 30 million accounts were compromised in the worst security breach in the company’s history.
- January 2019: TechCrunch reports that Facebook paid users between the ages of 13 to 35 a mere $20 per month to install a Facebook research VPN that tracked and siphoned up all of their phone and network activity.
- February 2019: TechCrunch again reports that Facebook associated phone numbers used for 2FA with users’ profiles without allowing them to opt-out.
- March 2019: An investigative journalist, Brian Krebs, reveals that Facebook stored hundreds of millions of passwords unencrypted.
The Most Hacked Passwords in the UK
The UK’s National Cyber Security Center released its annual list of most hacked passwords this week. Among the most hacked passwords are 123456789, qwerty, password, and 111111, with 123456 coming out on top. More than 23.3 million victims used 123456 as their password, according to the NCSC. No wonder that identity theft is on the rise.
Using a password manager to prevent password reuse is one of the easiest ways to protect yourself online in an era of never-ending data breaches and hacks. Password managers make it easy to generate strong, unique passwords for every account you have, track and manage all of your passwords in one place, and prevent one account compromise from cascading into an all out security meltdown.
Want more info on how to protect yourself? We published a new guide this month with lots of free and easy steps you can take to help increase your security and improve your cyber hygiene. You can also sign-up to get free data breach alerts with Bloom Radar.
Hackers Accessed Hotmail, MSN, and Outlook Emails
On Sunday, Motherboard reported that hackers had broken into a Microsoft customer support account, allowing them to “access email content from a large number of Outlook, MSN, and Hotmail email accounts.” The compromised support account gave hackers the ability to view users' emails, calendars, and profiles. In an email to affected customers, Microsoft said, “We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account.”
In the email, Microsoft said that it had immediately shut down the compromised support agent’s account but provided no information on how many accounts were improperly accessed. According to Motherboard’s source, hackers had access for at least six months. Microsoft later denied the claim and said that the perpetrators only had access from January 1st to March 28th. Microsoft also reiterated that users’ login credentials were not directly impacted by the incident.
Bloom: Take Back Control of Your Data
At Bloom, we are giving you the tools to take back control of your data. No more centralized data storage. No more selling off your data to the highest bidder. No more risking identity theft. Bloom enables you to own, control, and protect your data using the latest advancements in blockchain technology.
It’s time to take back control of your data and unlock the power of a secure, reusable identity today. Download the Bloom mobile app to build a cryptographically secured identity, sign-up for data breach alerts with Radar, and browse the latest credit offers in the Marketplace!