"Irish Data Protection Commission Fines Meta Over 2021 Data-Scraping Leak"

The Irish Data Protection Commission (DPC) fined Meta $275.5 million for a data leak suffered by Facebook in 2021 that exposed the data of millions of Facebook users. Meta is also subject to a number of corrective measures imposed by the DPC. On April 3, 2021, a user leaked the phone numbers and personal information belonging to 533 million Facebook users on a hacking forum. Alon Gal, CTO of cyber intelligence firm Hudson Rock, was the first to report on the data's availability. The leaked data impacted users in 106 countries, with more than 32 million records belonging to US users, 11 from the UK, and 6 million from India. Users' phone numbers, Facebook IDs, full names, locations, birth dates, bios, and, in some cases, email addresses were among the information leaked. Following the disclosure of the data leak, the Irish DPC launched an investigation into Meta's potential General Data Protection Regulation (GDPR) violations. Threat actors gathered the information by exploiting a vulnerability fixed in 2019 that allowed data to be scraped from the social media platform. Facebook said at the time that the data was gathered by malicious actors who used a Facebook tool called "Contact Importer" to upload a large number of phone numbers to see which ones matched the service's users. The company reiterated that it had removed the ability to scrape its services using phone numbers in 2019. The DPC has now concluded its investigation and argued that Meta violated the GDPR by failing to implement appropriate technical and organizational measures, and failing to implement the necessary safeguards as required by European Regulation. This article continues to discuss Meta getting fined by the Irish DPC for the data leak suffered by Facebook that exposed data belonging to millions of Facebook users.

Security Affairs reports "Irish Data Protection Commission Fines Meta Over 2021 Data-Scraping Leak"