The Facebook Data Breach: What You Need to Know

facebook cambridge analytica

Over the weekend, social media giant Facebook came under fire for how their user data was harvested and used to affect voters’ opinions before the 2016 U.S. Presidential Election. Also under fire is Cambridge Analytica, a U.K.-based data firm that worked for the Trump campaign responsible for the harvesting and manipulating of that user data. The revelations have raised more questions about “fake news” and the psychological and political damage they can wreck.

Christopher Wylie, Cambridge Analytica’s co-founder, stated that his firm harvested the data of 50 million Facebook users. He shared evidence of his firm’s actions to the New York Times, The Observer, and to cybercrime investigators in the U.K.

In a statement on a U.K news station, Wylie said the harvesting “allowed us to move into the hearts and minds of America  voters in a way that had never been done before;” it allowed the company to develop psychological profiles and target political content more effectively. Cambridge Analytica harvested the data via a survey that collected the data of the user taking it and their friends, none of whom would be aware of the harvesting.

In response, Facebook announced it had suspended both Cambridge Analytica and Wylie from their platform for violating user data policies. In a response tweet, Wylie claimed Facebook knew about their data harvesting for 2 years prior to his revelations.

A lingering questions is the current status of the harvested data, specifically whether it still exists. Originally, Facebook and Cambridge Analytica claimed that all copies of the the data was deleted. Cambridge Analytica also claimed it never used the data in connection with the Trump campaign. However, the New York Times reported that the data firm still possesses the data. Facebook has since stated that it is conducting an internal and external investigation to ensure the data was deleted, and acknowledged that they may have been misled by earlier reports.

Lawmakers in both the U.S. and U.K. have leveraged criticisms at both companies and their CEOs. Both Mark Zuckerberg of Facebook and Alexander Nix of Cambridge Analytica have been accused of lying to lawmakers or of giving misleading statements on the risks of data harvesting. More than likely, both men will be called before Parliamentary and Congressional committees to explain themselves.

It is unclear whether these revelations will result in more regulations on data usage and harvesting. The lack of disclosure already violates laws in Britain and many U.S. states. Massachusetts Attorney General Maura Healey announced an investigation into Facebook and Cambridge Analytica. “Massachusetts residents deserve answers immediately from Facebook and Cambridge Analytica,” she said on Twitter.

Over the weekend, Facebook’s executives took to Twitter to claim this isn’t a breach, since their protections weren’t violated and no passwords were stolen. However, this has not calmed an increasingly angry public. If anything, it’s highlighted that personal data may still be vulnerable to the unscrupulous even outside of a data breach…or allowed to be vulnerable.

Facebook stocks fell 3% over the weekend.

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner