Privacy Roundup #0140 • March 2018

The Cambridge Analytica scandal broke this month and dragged Facebook into a global reckoning over data harvesting, while breaches, a sweeping surveillance law and a ransomware siege of Atlanta filled out the rest.

1. The Guardian and the Observer reveal Cambridge Analytica harvested millions of Facebook profiles

Christopher Wylie went public as a whistleblower, telling the papers that Cambridge Analytica had improperly obtained data from tens of millions of Facebook users. The disclosure set off the largest privacy reckoning Facebook had faced and wiped tens of billions from its market value within days.

www.theguardian.com

2. Facebook suspends Cambridge Analytica and its parent SCL Group

On the eve of the press reports, Facebook announced it was banning Cambridge Analytica and SCL Group for passing harvested data to third parties in breach of its rules. The company said it had been told the data was deleted in 2015 but had since learned that was not true.

about.fb.com

3. Channel 4 News films Cambridge Analytica executives boasting of bribery and honey traps

Undercover footage captured chief executive Alexander Nix describing how the firm could entrap politicians using bribes and sex workers. The broadcast deepened the scandal and led to Nix being suspended the following day.

www.channel4.com

4. Mark Zuckerberg apologises in a CNN interview over the data scandal

Days after the story broke, the Facebook chief executive told CNN that the episode was a major breach of trust and said he was really sorry it had happened. He admitted the company should have acted earlier and called the failure the biggest mistake it had made.

money.cnn.com

5. The FTC opens an investigation into Facebook's privacy practices

The Federal Trade Commission confirmed it was examining whether Facebook had violated its 2012 consent order by allowing the data of tens of millions of users to reach Cambridge Analytica. The inquiry eventually led to a record five billion dollar penalty in 2019.

www.washingtonpost.com

6. UK data watchdog raids Cambridge Analytica's London offices

The Information Commissioner's Office executed a search warrant at the firm's headquarters late on 23 March, with investigators working into the early hours. The raid followed a stand-off in which the company had failed to hand over requested material.

techcrunch.com

7. Christopher Wylie testifies to a UK parliamentary committee

The whistleblower gave hours of evidence to the Digital, Culture, Media and Sport Committee about data harvesting and the targeting of voters. He alleged close links between Cambridge Analytica and the Canadian firm AggregateIQ during the Brexit referendum.

committees.parliament.uk

8. AggregateIQ leaves Brexit campaign code and credentials exposed online

Security researcher Chris Vickery found a public GitLab instance run by the firm that contained source code, passwords and details of its work for pro-Leave groups. The exposure linked AggregateIQ more tightly to Cambridge Analytica and to the 2016 referendum.

www.upguard.com

9. WhatsApp co-founder Brian Acton tells people to delete Facebook

Acton, who sold WhatsApp to Facebook for nineteen billion dollars, tweeted his support for the #DeleteFacebook movement during the scandal. His call gave fresh momentum to a backlash that had users questioning whether to keep their accounts.

techcrunch.com

10. Facebook is found to have scraped call and text logs from Android phones

Users who downloaded their Facebook data archives discovered years of call and SMS metadata that the apps had quietly collected. Facebook denied taking the data without consent, but the records contradicted that account.

techcrunch.com

11. Mozilla launches a Facebook Container extension for Firefox

The browser add-on isolated Facebook into its own tab so the network could not follow users around the rest of the web. Mozilla released it during the scandal as a way for people to limit tracking without deleting their accounts.

techcrunch.com

12. The CLOUD Act passes, expanding cross-border access to data

Congress slipped the Clarifying Lawful Overseas Use of Data Act into a vast spending bill that was signed into law on 23 March. Privacy groups warned that it let police reach data stored abroad and let foreign governments demand data without strong safeguards.

www.eff.org

13. The Senate passes FOSTA-SESTA in a near unanimous vote

Lawmakers approved the anti-trafficking package by 97 votes to 2, undermining the Section 230 protections that shield online platforms. The EFF called it a dark day for the internet and warned the law would silence lawful speech.

www.eff.org

14. Under Armour discloses a breach of 150 million MyFitnessPal accounts

The company said an unauthorised party had taken usernames, email addresses and hashed passwords from its fitness app in late February. It was one of the largest breaches of the year and prompted a mass password reset.

techcrunch.com

15. Orbitz reveals a breach exposing about 880,000 payment cards

The Expedia-owned travel site said attackers may have accessed card numbers, names, addresses and other details tied to bookings made in 2016 and 2017. Orbitz offered affected customers a year of free credit monitoring.

www.helpnetsecurity.com

16. SamSam ransomware cripples the city of Atlanta

Attackers locked up municipal systems on 22 March, knocking out court, utility and parking services and forcing staff back to paper. The recovery ultimately cost the city many millions of dollars.

www.bleepingcomputer.com

17. A 1.7 Tbps memcached attack sets a new DDoS record

Just days after GitHub was hit, a US service provider absorbed an even larger flood that exploited misconfigured memcached servers. The amplification technique let attackers turn small requests into enormous bursts of traffic.

www.theregister.com

18. New Orleans ends its secret Palantir predictive policing programme

After reporting revealed a quiet partnership that fed data into crime prediction tools, the city said it would not renew the contract. Civil liberties groups warned that such systems entrench bias and operate without public scrutiny.

www.cnbc.com

19. Kaspersky exposes the Slingshot cyber-espionage campaign

Researchers detailed sophisticated malware that had infected routers to spy on roughly a hundred targets across the Middle East and Africa. Reports later suggested the operation was run by US military forces against suspected militants.

www.securityweek.com

20. Cambridge Analytica suspends chief executive Alexander Nix

A day after the Channel 4 broadcast, the firm's board suspended Nix pending an independent investigation. It said his secretly recorded comments did not represent the values of the company, and it appointed Alexander Tayler as acting chief executive.

fortune.com

