Data breaches are a major player when it comes to causing financial as well as reputational losses to a business. With the implementation of laws such as GDPR and a plethora of privacy debates going on across the globe, unethical data collection and poor coding practices are the new players in town. In the last two weeks, Microsoft and Instagram have been in the news: one for collecting MS Office user data, the other for displaying passwords in plain text. This post will discuss both these incidents and their significance.
The attackers have struck again, this time affecting millions. In yet another unprecedented hack against the internet giant Facebook, it was disclosed that at least 50 million users (later changed to 30) were directly affected by the newly identified source. It is being said that, based on this attack, a hacker would be able to get into and take control of user accounts just as if the hacker were the account owner. In light of the requirements of the GDPR, Facebook was under a regulatory burden to report the breach, which it did in time. Details, however, were not released by the company pending investigation. Initially, the only thing made public was that user data, including private messages, could have been accessed.
Alongside Facebook’s Cambridge Analytica incident, Google suffered a blow of its own. In March, a bug was found in the Google+ API that allowed third-party apps to access the data of users who had granted permissions to their profiles, and also the data of their friends. Evidently, Google did not disclose the finding of this bug and the subsequent data leak amid the growing concerns about data privacy across the globe and the scrutiny that Facebook was facing. Some reports also suggest that the leak was kept hush-hush due to the fear of drawing regulatory scrutiny and reputational damage.