A huge data breach exposes millions of Facebook users’ personal photos. Tech giant Facebook faces another fine for not handling the data breach in timely manner.
Turkey’s Personal Data Protection Authority (KVKK) announced Friday (May 10th) it has fined American social media giant Facebook a total of 1.65 million lira ($271.000) due to a large-scale data breach.
The decision was taken after a photo application programming interface bug allowed third-party applications to access photos of more than 6.8 million Facebook users.The KVKK estimates that more than 300.000 Turkish Facebook users have been affected by the breach. Moreover, the KVKK states that the API bug occurred for 12 days in September 2018.
Facebook stands accused of not intervening in time which shows there were deficiencies in technical precaution regarding the issue. Facebook never made any statements about the personal data breach, which is an absolute violation of Turkish Data Protection Law article 12(5).
The KVKK said it decided to fine US-based social network for failing to fix the bug in time, but also for neglecting to notify Turkish authorities of the incident.
Facebook also investigated for other data breaches
However, the incident is not Facebook’s only clash with Turkish data protection authorities. Facebook is also investigated for another September 2018 data breach in which unknown attackers exploited three bugs stealing personal details of 50 million users (adjusted to 30 million).
This case is still pending, but Facebook may soon face another investigation from the KVKK.
In March 2019, Facebook disclosed yet another security incident, admitting to storing hundreds of millions of users’ passwords in plaintext.
Image source: LinkedIn - Serhat Turan – thread here
Safeguarding user data is essential to brand trust
Are you looking to becoming or maintaining compliance for your website company, check our product catalogue. Cookie Information provides ePrivacy and GDPR valid consent solutions for your websites and Mobile Apps, so you won’t have to worry about data breaches.
Become GDPR cookie compliant
Become GDPR cookie compliant today. Book a meeting with our compliance experts.
September 2018 data breach – Zdnett.com
Facebook keeps passwords in plaintext – zdnet.com