The Securities and Exchange Commission, FBI, and the Department of Justice are now reportedly investigating the social media giant after it failed to disclose that more than the data of 70 million platform users had leaked through a third-party application, sources told the Washington Post, Monday. The agencies join the FTC, which in March announced it was launching an investigation into Facebook’s data privacy practices.
Facebook said it has received questions from officials from those agencies and is in the process of answering them. It couldn’t confirm to what extent it is cooperating with them: “We are cooperating with officials in the US, UK and beyond. We’ve provided public testimony, answered questions, and pledged to continue our assistance as their work continues,” a Facebook spokesperson told Threatpost.
Christopher Wylie, a former Cambridge Analytica researcher and the whistleblower involved in the Facebook-Cambridge-Analytica scandal, tweeted on Tuesday that the “cat’s out of the bag” in terms of the investigation and confirmed that he had spoken to all four agencies.
A spokesperson for the Department of Justice declined to comment.
The FTC’s original investigation was to determine whether Facebook violated a consent decree from 2011, which requires the social network to receive explicit permission from users in regards to sharing their data with third parties. Facebook could face up to $40,000 in fines per violation if found guilty.
“Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook,” said Tom Paul, acting director of the FTC’s Bureau of Consumer Protection, in a statement.
Facebook has faced a barrage of critiques over the past week – and months – on the heels of its Cambridge Analytica scandal.
Last week, an ethical hacker said that he found that 120 million users’ data was exposed on a quiz app owned by Nametests.com. The ethical hacker noticed the website would fetch his personal information and display it on the webpage, nametests[.]com/appconfig_user. The data was then available for other sites to swipe it, he said.
Facebook also came under fire last week by a Norwegian agency that said it was using “unethical” tactics to nudge end users away from data privacy.
“It is important that these platforms clean up their image and be more responsible with their users’ data,” Andrew Avanessian, chief operations officer at Avecto, told Threatpost. “Despite Facebook’s efforts to resolve the issue through third-party data restrictions, social media users still need to be vigilant about where they are authorizing their data. Data harvesting will continue to be an issue no matter what the initiative is to fix it.”