Blockchain and Web3 companies are trying to prevent leaks like these in the future by creating alternative login processes and distributing necessary data collection in a highly decentralized manner.
Ireland’s Data Protection Commission (DPC) revealed on November 28 that it has fined Facebook developer Meta €265 M ($274.8 M) for violating the European Union’s General Data Protection Regulation (GDPR). Specifically, the commission said it had fined Meta for failing to design Facebook to protect users from data breaches.
The announcement followed an investigation of more than a year, which started in April 2021. The breach itself happened even earlier, in late 2019.
The data breach was initially discovered when a TechCrunch report announced that hundreds of millions of Facebook users’ phone numbers were listed in a publicly available database online. Though the database was later deleted by the web host, its existence indicated that Facebook’s data had been breached.
In April 2021, the DPC started investigating the breach. At the time, Meta released a statement about the breach titled “The Facts on News Reports About Facebook Data.” Meta claimed that an attacker had used its call importer tool to spam the server with phone numbers to see which Facebook accounts were associated with them.
Each time the attacker received a response, they could obtain the user’s personal information and match these details with the user’s phone number. Thus, users’ personal information was provided to malicious actors.
In the report, Meta claimed that the vulnerability in the call importer had been patched after the breach was discovered and that the tool was now secure.
According to the DPC’s new statement, the commission found “violations of Articles 25(1) and 25(2) GDPR” due to the incident and “has imposed administrative fines a total of 265 million euros.”
The use of personal data in social media applications has become controversial lately as data breaches have become common.
Different blockchain companies have tried to solve the problem by creating blockchain social media apps which don’t force users to provide their email address or phone number. For instance, both Bitclout and Blockster are social media apps which let users log in with only an ETH wallet.
In addition, Ethereum developers have come up with a proposal called EIP-4361 to standardize the wallet login process across all applications. Supporters think this could eliminate the need to ask users for sensitive personal information in social media apps, which could help to prevent future breaches like this one.