Suche
Hacker strikes: Data of 1 billion Facebook users leaked!
A hacker claims to have stolen data from 1 billion Facebook users. What does that mean for those affected?
Hacker strikes: Data of 1 billion Facebook users leaked!
A hacker claims to have obtained a massive amount of Facebook users data. According to [oe24.at] (https://www.oe24.at/welt/hacker-soll-soll-soll-von-1-milliarde-facebook-nuklaut-klaut-klaut-klaut-klaut-klaut-klaut-klaut-klaut-klaut-klaut-klaut-klaut-klaut-klaut-klaut-klaut-klaut-klaut-klaut-klaut. This information is said to have been procured by an abusive API by META and include a variety of sensitive information, including user IDs, names, email addresses, telephone numbers, birth data, genders and location information. The published data records are current and not part of earlier data leaks.
The situation is tense because it remains unclear how the users concerned will react to this incident. Experts also warn of possible long -term effects on trust in Facebook.
Past data protection incidents and legal consequences
In the past, there have already been serious data protection incidents, including the theft of data from 533 million Facebook accounts in 106 countries. These were published in April 2021 and contained information such as names, cell phone numbers and places of residence. The incident was made possible by the misuse of the "Contact Import" function of Facebook, as reported zdf.de.
In 2022, the Irish data protection authority imposed a fine of 265 million euros against Meta on this matter. In addition, the Federal Court of Justice (BGH) has made an important judgment that states that the loss of control over personal data can also justify a claim for damages. This prompted a transfer to the Cologne Higher Regional Court to make further findings.
Legal situation and measures for companies
The current developments raise questions about the reporting obligations in data protection incidents. According to [Anwalt.de] (https://www.anwalt.de/rechtstipps/datenschutz-meldei- and-massungen-fuer-company-240685.html), a company must report a data protection incident within 72 hours of the responsible data protection authority if this represents a risk for the rights and freedoms of the data subject. In the event of high risk, affected users must be notified immediately. Such incidents can be triggered by cyber attacks, failure or technical errors.
Companies are obliged to quickly analyze data protection incidents and take measures. This includes the notification of those affected, unless there are technical protective measures that minimize the risk or there is a disproportionate effort for the notification.
The developments on Facebook and the several legal questions relating to data protection and consumer rights are not only important for the affected users, but also for companies that have to constantly improve their security standards in order to avoid such incidents. The deadlines for claims for damages against Meta run on December 31, 2024, and a fine of up to 798 million euros is sought by the EU Commission.