Facebook has been in the headlines a lot lately, and for all the wrong reasons. This time around, FB is tangled in a mess of culpability gray areas that has garnered a lot of headlines, but in truth it is more a cautionary tale about the state of online personal security than some kind of large-scale cyber offensive. The truth is that the Facebook data leak wasn’t a hack; it was business as usual.
What Exactly Happened Between Facebook and Cambridge Analytica?
A whistle-blower at Cambridge Analytica recently came forward about the workings of a deal that saw a Cambridge researcher (Aleksandr Kogan) exploit, extract and sell the online data of 30-50 million FB profiles to Cambridge Analytica (which the whistle-blower referred to as “Steve Bannon’s psychological warfare tool”).
How was the Facebook Data Breach Accomplished?
While working as a psychological researcher at Cambridge, Aleksandr Kogan developed an app which exploited a loophole in Facebook’s API (an API is a digital access door to a company’s data).
“With research in mind”, Kogan joined forces with (the now whistle-blower) Christopher Wylie to use this API flaw to get the personal information of all the people who installed their app, AND the personal information of the people who were their Facebook friends.
Their app was called “thisisyourdigitallife” and it got 270,000 people to provide access to their FB profiles.
The failure, and an unbelievable lack of security foresight by FB, was that getting access to one user’s FB information also gave you access to all the profile information of their friends.
With some simple math, the data mining is estimated to have covered between 30 and 50 million profiles.
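The consent flaw described above can be modelled as two authorization rules, shown here as an added example that is not Facebook's code or API. The graph, the user names and every function name are constructed for illustration; the first rule follows the article's description of the pre-2015 behaviour, the second counts only the data subject's own consent.

```python
"""Added illustration: consent scoping in a friend-graph API (hypothetical model)."""

# Constructed sample graph: user -> set of friends (friendship is symmetric).
FRIENDS = {
    "alice": {"bob", "carol", "dave"},
    "bob": {"alice", "erin"},
    "carol": {"alice", "erin", "frank"},
    "dave": {"alice"},
    "erin": {"bob", "carol"},
    "frank": {"carol"},
}
# Constructed: users who installed the app and granted it access.
CONSENTED = {"alice", "erin"}


def can_read_friend_inherited(subject, consented, friends):
    """Flawed rule as the article describes it: a profile is readable if its
    owner consented OR any friend of the owner consented."""
    return subject in consented or bool(friends.get(subject, set()) & consented)


def can_read_subject_consent(subject, consented, friends):
    """Hardened rule: only the data subject's own consent counts."""
    return subject in consented


def exposed_profiles(rule, consented, friends):
    """Every profile the app can read under the given rule."""
    return {user for user in friends if rule(user, consented, friends)}


def amplification(rule, consented, friends):
    """Readable profiles per consenting user (1.0 means no over-sharing)."""
    return len(exposed_profiles(rule, consented, friends)) / len(consented)


def unconsented_exposure(rule, consented, friends):
    """Audit check: profiles readable without their owner's consent."""
    return exposed_profiles(rule, consented, friends) - consented


if __name__ == "__main__":
    for rule in (can_read_friend_inherited, can_read_subject_consent):
        print(rule.__name__,
              sorted(exposed_profiles(rule, CONSENTED, FRIENDS)),
              amplification(rule, CONSENTED, FRIENDS),
              sorted(unconsented_exposure(rule, CONSENTED, FRIENDS)))
```

With the article's own figures, 30 to 50 million profiles from 270,000 installs is an amplification of roughly 111 to 185 profiles per consenting user.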
FYI – this loophole was silently changed by FB in 2015, and FB has accused Kogan and Wylie of violating its Terms and Conditions, which are supposed to limit the sharing of data with 3rd parties for commercial purposes.
It is also important to note that anyone could have developed an app and gotten access to this same data; we simply know about this case because of the recent exposé.
With this information in hand, Kogan sold his research to Cambridge Analytica, where men like Steve Bannon, Alexander Nix and Robert Mercer sit on the board of directors.
CA then used its recently acquired data to create a personality profiling methodology and began selling itself as a “voter compiling company”.
So, the Facebook Data Exploit Explained in a nutshell…
Prior to 2015, Facebook’s API basically gave anyone with a catchy app the ability to mine the profile data of users AND THEIR UNWITTING FACEBOOK “FRIENDS”.
Kogan, a Cambridge data researcher, and Wylie gave Cambridge Analytica the data while claiming they were unaware of how the data was going to be used.
Wylie, the “whistle-blower”, has brought press to this subject, but the truth is that pre-2015, lots of developers could have gotten the same information and sold it to any company. We are simply talking about this case because Wylie was disgusted with how he believed CA was manipulating and selling this data.
Through all of this, FB claims no culpability and says this was a breach of its terms and conditions.