The Turkish government’s watchdog, Personal Data Protection Authority (KVKK), recently fined Facebook a total of 1.65 million Lire ($270,976.01) in April 2019, for failing to protect its users’ personal information.
The fine comes after Facebook reported a data breach in December 2018, that exposed 6.8 million users’ private photos to third-party application developers. The social networking giant stated that its internal team discovered a photo API bug that allowed third-party apps to access users’ photos for 12 days between September 13 to September 25, 2018. The company declared that it has fixed the issue, but some third-party apps may have had access to a wider set of photographs which were uploaded/shared on the Facebook Stories.
KVKK stated that the data breach affected around 300,000 users in Turkey last year and Facebook not reacted in time with technical precautions regarding the issue.
Facebook has already faced severe criticism over privacy issues last year and in recent times. The company drew fire for not handling users’ sensitive information on its platform. In January 2019, the Ministry of Information and Communications (MIC) of Vietnam stated that Facebook has violated its new cybersecurity law by allowing users to post anti-government comments on its platform.
The concern was raised at a media conference held by MIC’s Authority of Broadcasting and Electronic Information (ABEI). The ABEI stated the social media giant had violated Vietnamese cybersecurity laws in three major areas: managing content, online advertising, and tax liability. This comes days after Vietnam lawmakers approved the controversial new cybersecurity law that took effect from January 01, 2019, that controls the Internet content and global tech companies operating in the country. The new cyber law requires Facebook, Google, and other international tech firms to store local users’ data on local servers and set up offices in Vietnam.
Recently, Researchers from the cybersecurity firm UpGuard discovered that Facebook user account information was exposed on Amazon cloud servers. The security team at UpGuard stated that they found two data breach incidents in different regions.
The first incident was originated from the Mexico-based media company Cultura Colectiva which exposed around 146 GB of data that contained over 540 million records detailing comments, likes, reactions, account names, FB IDs, and other sensitive information. The second was a separate database from a Facebook-integrated app named ‘At the Pool’ which exposed data via an Amazon S3 bucket. UpGuard stated the data was stored in Amazon’s cloud service without password protection and could easily be accessed by outsiders.
