Meta was fined €265 million for letting scrapers steal Facebook’s centralized user data from the Blockchain. Web3 companies are trying to prevent leaks like this from happening in the future by creating alternative login procedures and disseminating the necessary data collection in a highly decentralized manner.
On November 28, the Irish Data Protection Commission (DPC) announced that it had assessed Meta, a developer for Facebook, a fine of €265 million for violating the General Data Protection Regulation (GDPR) of the European Union. The commission said that Meta had been fined because it didn’t design Facebook in a way that would keep users’ data safe.
The announcement came after an investigation that lasted more than a year and started in April 2021.In late 2019, the breach itself took place even earlier.
A Tech Crunch report revealed that the phone numbers of hundreds of millions of Facebook users were listed in an online database that could be accessed by anyone. This was the first sign of a data breach. Despite the fact that the web host later deleted the database, its existence revealed that Facebook’s data had been compromised.
The DPC began looking into the breach in April 2021.Meta released a statement about the breach under the title “The Facts on News Reports About Facebook Data” at the time. Meta asserted that an adversary had made use of its contact importer tool to send phone numbers to the server in an effort to determine which of the numbers had Facebook accounts associated with them.
The attacker was able to match the user’s personal information with their phone number each time they received a response. As a result, malicious actors had access to user personal data.
After the breach was discovered, Meta claimed in the statement that it had patched this contact importer vulnerability and that the tool was now secure.
The new DPC statement says that because of this incident, it found “infringement of Articles 25(1) and 25(2) GDPR” and “has imposed administrative fines totaling €265 million.”
Due to the prevalence of data breaches, the use of personal data in social media apps has become contentious in recent years.
By developing blockchain social media apps that do not require users to provide their email addresses or phone numbers, a number of blockchain companies have attempted to address the issue. Social media apps like Blockster and Bitclout, for instance, let users sign in with just an Ethereum wallet.
A proposal titled “EIP-4361” has also been submitted by Ethereum developers to standardize the wallet login procedure across all apps. Supporters believe that by doing this, social media apps won’t have to ask users for sensitive personal information, which could help keep breaches like this from happening in the future.
