On Nov. 28, the Data Protection Commission (DPC) of Ireland announced a €265 million fine on Facebook developer Meta for failing to design Facebook in such a way that it would safeguard users from data scraping.
According to the regulator, the Facebook developer violated the General Data Protection Regulation of the European Union (GDPR).
Meta vulnerable to data scraping attacks
The data breach was found after a Tech Crunch report revealed that the phone numbers of hundreds of millions of Facebook users were exposed in a publicly accessible database online.
The breach took place in late 2019.
According to a new DPC statement, the incident resulted in “infringement of Articles 25(1) and 25(2) GDPR” and “administrative fines totaling €265 million.”
The DPC began looking into the issue in April 2021. The attacker allegedly utilized Meta’s contact importer tool to flood the server with phone numbers to check which ones had Facebook accounts connected with them, according to a statement about the breach that Meta published at the time titled “The Facts on News Reports About Facebook Data.”
Personal data collection controversy
As data breaches have increased in frequency over the past few years, the use of personal information in social networking apps has come under scrutiny.
Several blockchain startups have sought to address the issue by developing blockchain social media apps that do not require users to provide email addresses or phone numbers.
Ethereum developers have also proposed an “EIP-4361” plan to standardize the wallet login process across all apps.