Data analytics firm, Cambridge Analytica, has been exposed for misusing the information of 50 million Facebook users. This instance was not a security breach; it was an issue of digital privacy abuse, as Cambridge Analytica misused data to craft personalized advertisements. The majority of data was collected without the end users’ permission or knowledge.
For additional information on digital privacy and securing social media accounts, see the eSentire Threat Intel blog post on this topic 1.
What you should do about it
- If using Facebook in a work setting, review what information is shared and what data is stored.
- Review Facebook third-party application permissions 2.
- Opt out of targeted ads on Facebook 3.
- Review what information is publicly available across your social media accounts.
Cambridge Analytica obtained the information on Facebook users through a third-party application titled “thisisyourdigitallife” 4. 270,000 users knowingly installed the app which harvested their data along with the data of everyone on their ‘friend’ list; Facebook users with increased privacy settings were not affected. The information harvested from accounts included profile details, friend networks, and likes. Law enforcement and Facebook investigations regarding Cambridge Analytica are ongoing.
In response to claims that Facebook has poor data privacy policies, the company is conducting a “comprehensive internal and external review”. The company has also stated that it will notify all users affected by Cambridge Analytica’s use of Facebook data 5.
Depending on individual security settings, third-party applications may have access to a trove of personal data including bios, timeline posts, family and friendship information, religious and political views and more.