Meta alerts: 50,000 Facebook users may have been spied on by private surveillance companies
Meta (formerly Facebook) announced Thursday that about 50,000 Facebook users have been targeted by private surveillance companies. The tech giant said the seven companies carried out a combination of reconnaissance, engagement, and exploitation.
In a blog post, Meta said, “We alerted around 50,000 people who we believe were targeted by these malicious activities worldwide, using the system we launched in 2015. We recently updated it to provide people with more granular details about the nature of targeting we detect, in line with the surveillance chain phases framework we shared above.”
In addition, Meta also said it has banned seven “surveillance-for-hire” companies from its platforms, which include Instagram, WhatsApp, and Messenger. Meta said it took action against Cobwebs Technologies, Cognyte, Black Cube, Blue Hawk CI, BellTroX, Cytrox, and an unknown Chinese entity. Four of them are located in Israel, one is in India, one is in North Macedonia, and the other is in China.
Meta’s David Agranovich, director of threat disruption, and Mike Dvilyanski, head of cyber espionage investigations, who authored the blog post, stated: “The global surveillance-for-hire industry targets people across the internet to collect intelligence, manipulate them into revealing information and compromise their devices and accounts.”
These surveillance companies target people including journalists and human rights activists in over 100 countries on behalf of their clients. Meta further added that these companies created fake accounts, befriended targets and used hacking methods to acquire information from their targets.
One of the surveillance companies behind these attacks is NSO, an Israeli cybersecurity startup we’ve covered several times in the past. Last month, the U.S. government blacklisted the company for its alleged role in the killing of The Washington Post journalist Jamal Khashoggi. Meta said that it is also taking legal action against NSO Group over the alleged spreading of Pegasus software via WhatsApp.
“Recently, there has been an increased focus on NSO, the company behind the Pegasus spyware (software used to enable surveillance) that we enforced against and sued in 2019. However, NSO is only one piece of a much broader global cyber mercenary industry.”
Meanwhile, this is not the first time Facebook users’ data has been exploited for commercial purposes. In 2018, FTC opened a non-public investigation into the company’s data practices following the Cambridge Analytica scandal.
Back then, Facebook took out full-page ads in several US and British newspapers to apologize for a “breach of trust” in the Cambridge Analytica scandal.
“You may have heard about a quiz app built by a university researcher that leaked Facebook data of millions of people in 2014,” said the ads signed by Zuckerberg, referring to the political consultancy company accused of manipulating Facebook data during the 2016 US election. “This was a breach of trust, and I’m sorry we didn’t do more at the time. We’re now taking steps to ensure this doesn’t happen again.”
Zuckerberg said in ads appearing in the UK’s The Observer, The Sunday Times, Mail on Sunday, Sunday Mirror, Sunday Express, and Sunday Telegraph, along with American newspapers The New York Times, Washington Post, and Wall Street Journal.