Back in December 2018, Facebook reported a data breach which exposed the private photos of 6.8 million users to third-party apps. In their announcement, the company stated that the internal team uncovered a photo API bug that let third-party apps access private photos of users for 12 days (13-25 September 2018). The company added that they had fixed the problem, but some third-party apps may have seen the private photos shared on Facebook Stories as well.
As a response, the Personal Data Protection Authority (KVKK) from Turkey has seen that around 300,000 Turkish users were affected by the data breach in September 2018 and Facebook didn’t react in time to take the technical precautions and solve the issue as fast as possible. In April 2019 KVKK has fined Facebook $270,976 after concluding that the company didn’t protect the personal information of its users.
Facebook Privacy Issues, Law Violation and Data Breaches
In the past year, Facebook has been through a rough time facing issues with user privacy and other sensitive information.
Another recent problem was revealed by Vietnam’s new cybersecurity law, which Facebook has violated it. The law doesn’t allow users to post anti-government comments on the social networking platform.
The law took effect starting with January 1, 2019, and now Vietnam will control the content on the Internet and the global tech companies that operate in their country. According to CISOMAG, the Ministry of Information and Communications of Vietnam stated that the law had been violated by Facebook in three areas: content management, online advertising, and tax liability.
According to the new law, international tech firms such as Facebook, Google and others must store local users’ data on local servers in Vietnam, and the companies must set up offices in the country.
In recent researches from UpGuard (cybersecurity firm), Facebook user account information was exposed on Amazon cloud servers, exposing hundreds of GB of data which contained more than 540 million records of sensitive information, comments, reactions, names and more. The data that was stored on Amazon’s cloud service had no password protection, meaning that anyone could have accessed it.