Security News > 2022 > November > Meta fined €265M for not protecting Facebook users' data from scrapers
Meta has been fined €265 million by the Irish data protection commission for a massive 2021 Facebook data leak exposing the information of hundreds of million users worldwide.
Facebook at the time said threat actors collected the data by exploiting a flaw in its "Contact Importer" tool to associate phone numbers with a Facebook ID and then scraping the rest of the information to build a profile for the user.
25(1) - The data controller shall implement appropriate technical and organizational measures, such as pseudonymization, and integrate the necessary safeguards into the processing to meet the requirements of this Regulation and protect the rights of data subjects.
Data scrapers are automated bots that exploit open network APIs of platforms that hold user data, like Facebook, to extract publicly available information and create massive databases of user profiles.
While no hacking is involved, the data sets collected by scrapers can be combined with data from multiple points, creating complete profiles on users, hence making their tracking from marketers or targeting from threat actors a lot more effective.
LinkedIn took things to court to prevent data scraping on the platform, securing an injunction against legal scraper operators and preventing them from using data they already collected in this manner.