Meta is taking aim at private surveillance companies that it says act as "cyber mercenaries" for hire. The Facebook parent company has banned seven of these companies from the platform, citing the targeting of users in over 100 countries.
Meta has issued statements indicating that a stoppage of EU-US data transfers would be "devastating" and could cause it to pull services from the region, even specifically naming Facebook and Instagram as products that could become inaccessible.
Facebook’s new €17 million GDPR fine stems from a failure to demonstrate that adequate security measures were in place to prevent the data breaches in 2018.
Anonymous inside sources revealed that an attack campaign conducted in the middle of 2021 netted sensitive user data from Apple and Meta, with the hackers posing as legitimate law enforcement agencies.
Underage Instagram users were opting to ignore privacy settings and work around them by opening business accounts, leading to a GDPR fine of €405 Million by the Irish DPC.
Meta stands accused of breaking Apple privacy rules, as a set of proposed class-action lawsuits describes it using its in-app browsers to track activity without user knowledge or consent.
Malicious apps appear to be flying below the radar of Google and Apple security by not taking an approach of installing malware or keyloggers; instead they simply ask for Facebook login information as a condition of starting up the app.
The GDPR fine was sparked by a round of media reports in early 2021 documenting how the personal data of over 530 million Facebook users was left open to data scraping for an extended period thanks to faults in certain tools.
Rogue Meta employees and contractors abused an internal tool called "Oops," which is primarily intended for in-house account recovery for employees and business partners. There were some cases of account hijacking for money.
Up to 87 million Facebook accounts had user data inappropriately accessed during the Cambridge Analytica scandal, in which a weakness in the platform's API was used to harvest protected profile and activity information.
