Updated: Nov 8, 2021
After Facebook leaked information on 530 million of its users, Italy is investigating Microsoft under the same circumstances and affecting almost the same number of users of the LinkedIn social network to determine responsibility.
"Not seen, not caugh, not responsible": the GAFAS social networks do not seem to be the best pupils in terms of data protection, compliance with regulations, or commitment to accountability. When it was officially acknowledged that Facebook had allowed details of more than 530 million users to be "vacuumed up" through the use of a "scraping" technique, the company deliberately did not intend to notify anyone. However, phone numbers and other user information were available in a public database.
The Facebook spokesperson said in this regard that the "company was not satisfied that it had complete visibility into which users should be notified". He said this also took into account that "users could not fix the problem and the data was publicly available, so there was no need to notify users."
The recovered data did not include sensitive financial, health or password information, Facebook said. However, the data collected could provide valuable information to hackers.
One might therefore have thought that this incident would have alerted other social media. But after Facebook, it is now LinkedIn's turn.
Linkedin data leak: what about liability?
The Italian Data Protection Authority is currently investigating a leak of personal data from LinkedIn accounts. The files contain telephone numbers and user names and would again concern 500 million people, according to the specialist site CyberNews.
The Italian authority explains that it opened the investigation following "the dissemination of user data, including identifiers, full names, email addresses, phone numbers". The regulator explained that Italy has one of the highest numbers of LinkedIn subscribers in Europe and called on the users concerned to "pay particular attention to any anomalies" related to their phone number and account.
LinkedIn quickly responded with a statement, and denied that it was behind the data leak. "We investigated an alleged set of LinkedIn data that was put up for sale and determined that it was an aggregation of data from a number of websites and companies," says its spokesperson.
The company adds that "this was not a data leak from LinkedIn, and no data from private LinkedIn member accounts was included in this leak. LinkedIn concludes that when "someone tries to take member data and use it for purposes that LinkedIn and its members have not agreed to, the company works to stop them and hold them accountable".
Will users be informed?
This announcement comes just days after a data leak from Facebook impacting 533 million accounts, including more than 20 million French users, came to light. Data such as phone numbers had been circulating in the darknet since 2019, but this appears to be the first time it has been freely available.
Facebook did not inform users in 2019, and still does not seem to want to do so, even though the GDPR requires companies to keep users informed of any leak of their personal data. Will LinkedIn go the same way as Facebook? This seems to be the case, as the social network defends itself from having been the victim of a "leak" as such. A distinction that obviously does not change anything for the users concerned. It is now up to the Italian authorities to decide on the matter and determine who is responsible.
Social networks losing trust on the user side
Already in 2018, B2CLOUD launched a study among a panel of European users to determine what value they placed on their personal data, what measures they applied to protect it and what level of trust they had in the main social networks. 94.4% of respondents were concerned and worried about the use of their personal data on social networks
What to do in case of a data leak?
1- Use strong passwords (mix of upper/lower case letters, numbers, special characters and punctuation marks longer than eight characters)
2- Use a different password for each digital service, so that the compromise of one service will not impact the others! If remembering all your new passwords is a hindrance to setting up a safe environment, you can use a password manager that will remember them for you!
3- Change your password regularly!
4- Activate two-factor authentication when it is available.
It is possible to quickly check if your data has been leaked on Cybernews
See also :