Top infosec trends in the social media spotlight this week

It looks like the ongoing saga that is Facebook isn’t going away any time soon, as politicians this week put Mark Zuckerberg and his billion-dollar company in the hot seat at the very first international grand committee on disinformation and fake news.

Except Zuck was a no-show.

Instead, lawmakers who attended the London meeting settled for questioning Facebook’s vice president of policy solutions, Richard Allan, who admitted it was “not great” that his boss skipped the latest Q&A session on the company’s data management practices.

The hearing, spearheaded by the UK’s Department for Digital, Culture, Media and Sport, further examined Facebook’s use of information and scandalous partnership with Cambridge Analytica – the firm that leveraged the social media platform to influence the 2016 US Presidential election, among other political campaigns.

The UK’s Information Commissioner’s Office (ICO), which slapped Facebook with a £500,000 fine in October, was also questioned in the day-long hearing, where calls for regulation intensified in Zuckerberg’s absence.

“We fined Facebook because it allowed apps and app developers to harvest the personal data of its customers,” Information Commissioner Elizabeth Denham said, responding to questions related to the company’s decision to appeal its hefty data protection penalty.

Keeping in form, the ICO this week also slapped Uber with a bill for “failing to protect customers’ personal information” during a 2016 hack that affected millions of its users.

The ICO investigation found that several security flaws within the Uber infrastructure allowed attackers to easily gain access to the company’s data storage, and thus to the names, email addresses and phone numbers of users around the world.

In a bizarre turn of events, the tech giant had decided to pay the hackers $100,000 to destroy all evidence of their intrusion. To make matters worse, the company waited a year before bothering to tell anybody about it.

The ride-sharing app was also fined by Dutch data watchdogs – €600,000 ($678,780) – over the same incident, but some said it should have been more.

Elsewhere, Germany has exercised its new GDPR prowess, having issued its first fine (€20,000) to a popular dating app, Knuddels.

The social platform, the Baden-Württemberg Data Protection Authority said, had failed to store users’ data properly when an attack exposed the details of 1.8 million accounts in July.

The takeaway here (once again): don’t store sensitive information in plaintext.

Lesson learned, Knuddels managed to avoid the full force of GDPR (€20 million or 4% of a company’s annual turnover), as it notified its users as soon as it learned of the breach and proceeded to cooperate with the German data watchdog.

But a particularly alarming story that ran in The Daily Mail this week painted a much different picture of how the EU legislation was affecting German citizens.

Whether or not Santa would be in violation of GDPR had been a known concern in the lead-up to its implementation on May 25 of this year.

But the European Commission, thankfully, has released a statement debunking the rumour that Christmas wish lists would be banned.

It also added: “Santa Claus should have the contact details of a family in order to deliver presents on the wish list he received – in the case of minors, provided their parents agree.”