Facebook has suffered another major data breach, exposing the personal information of 210 million Facebook users. It follows the 2018 data breach in which 50 million accounts were illegally harvested by Cambridge Analytica. In the latest breach, a security researcher told TechCrunch that he had found a publicly accessible database containing Facebook IDs, phone numbers and in some cases, each user’s full name.
There were 419 million records in total, but a Facebook spokesperson said that many were duplicates, and old—from the times when Facebook let you search accounts by phone numbers. The majority of the records were from US users—133 million—while 50 million records were on Vietnamese users and a further 18 million from the UK. Overall, it was one of the largest data breaches in history.
“The biggest companies need to do more to protect the personal data of their users,” Assistant Supervisor Wojciech Wiewiórowski of the European Data Protection Supervisor, told Decrypt, in response to questions over the data breach.
“It is a whole business model in use that needs to be scrutinized and streamlined with GDPR requirements and legal obligations,” he added.
This is the same regulatory body that signed a joint statement last month, which criticized Facebook for not providing enough data about its plans for Libra—Facebook’s upcoming cryptocurrency project set to launch in 2020.
Additionally, the Irish Data Protection Commission—which ran an investigation into Cambridge Analytica last year—has contacted Facebook for further details of the data breach.
Following the scandal, Silvia Chiofalo, a spokesperson at The Swiss Federal Data Protection and Information Commissioner—the regulatory body for personal data in Switzerland—told Decrypt that ultimately, it’s down to individual users to take responsibility for their own data, because “the more personal data a company processes, the greater the data protection risk.”
And this is certainly the case with Libra—a mingling of personal and financial data, held in the hands of Big Tech. While the Libra blockchain itself will only contain pseudonymous addresses—like Bitcoin does—the Facebook-owned Calibra wallet will maintain customers’ financial data.
“All this does is give regulators more ammo to shut down Facebook’s banking and financial-sector hopes, as well as more ammo in pushes to break up Facebook,” John Meyer, managing director at venture capital firm Starship Capital—which invests in the blockchain industry—told Decrypt.
Meyer said that Facebook’s leak will increase regulatory pressure on Libra as faith in the social network continues to erode as the number of leaks increases. Congress has drafted the “Keep Big Tech Out of Finance Act,” which aims to stop huge tech companies like Facebook from launching their own currencies and is seeking a moratorium on any further development of Libra.
The market is stacked against Libra, too. According to a survey of 140,000 crypto analysts released Tuesday by Cindicator, 49 percent said they wouldn’t touch it. Of the nay-sayers, 29 percent said it was due to a lack of trust in Facebook, and 11 percent put it down to privacy concerns.
Facebook’s new PR team will have its work cut out.