Okay, So Cambridge Analytica Got My Data: Now What?

NEWS ANALYSIS: The company that infamously stole 87 million Facebook profiles is now claiming that it deleted all that data, but in reality, that doesn’t really matter.

When I saw the notice on my Facebook news feed, I felt a chill. My information was part of the breach that sent 87 million Facebook profiles to Cambridge Analytica. When I went back later to see what I could find out, that post had vanished, but I was able to find details in the Facebook Help system.

“Based on our investigation, you don't appear to have logged into ‘This Is Your Digital Life’ with Facebook before we removed it from our platform in 2015,” the notice said.

“However, a friend of yours did log in.”

The notice went on to say: “As a result, the following information was likely shared with ‘This Is Your Digital Life’: Your public profile, Page likes, birthday and current city.”

Personal Messages Were Entangled with a Friend's PII

The notice also said that some people included their news feed, timeline, posts and messages, which could have included messages or posts from me and may have included information that was not in my public profile.

After I thought about this, I decided that I had nothing to worry about. Unlike most people, I don’t do anything on Facebook that’s not already public, and I’m careful not to post anything that contains personal information that I don’t want to be seen in public. In fact, just as is the case with my LinkedIn profile, I primarily intend my profile to be used professionally, and that means it needs to be public.

But I’m not like most Facebook users. For many people, Facebook is a means of communication with their most intimate friends and their families in addition to more distant acquaintances. They likely do have personal details they don’t want to be made public. In addition, they have information in their Facebook profile that may be a gold mine for identity thieves.

While it’s true that the breach did not get anything like credit-card numbers or Social Security numbers, the chances are that other important information did get taken. This could include your birthdate, your address or the names of your family members. It likely includes the names of your pets, your high school or college, your co-workers, your boss and the names of your employer and likely the places with which you do business.

How to Retrieve All Your Data from Facebook

Consider the fact that at least some of your information is almost certainly already for sale on the dark web, and you’ve got a perfect store of data for the creation of a phishing email. This is because the bad guys will try to create an email that you will want to open, and that will contain a link you will want to click on. If it looks like it’s from someone you know and contains credible information, you’re likely to trust it. That’s all it takes.

While a bad guy can go to your Facebook profile directly and perhaps get some of the information he needs, it’s much more convenient if it’s all there, neatly packaged.

This is not to suggest that Cambridge Analytica is going to place your data on the dark web. That’s highly unlikely. The company already has enough trouble, and it needs to stay out of trouble if it wants to remain in business. But those names that were sold to Cambridge Analytica also went to other companies, as Facebook’s Mark Zuckerberg admitted during his congressional testimony. So you don’t know where your Facebook data really is.

What you need to do is see how bad the problem is. Start by opening the Web version of Facebook at facebook.com, signing in, and opening the menu that’s indicated by the small down arrow next to the help icon. Choose “Settings.”

At the Settings menu, choose “General” and then find the link that says “Download a copy of your Facebook data.” Click that link, and after you enter your password, you’ll see another screen with a button that says “Download Archive.” Click that button. Facebook will collect your data and present you with a link for the download once it’s ready, which could take a few hours.

Level of Detail 'Astonishing'

Facebook will send you your complete profile, along with your timeline history, your messages including the ones from Facebook Messenger, your photos, videos and the Facebook apps you use. This may not sound like much, but the level of detail is astonishing.

How detailed? For example, the photos include your camera metadata, which says what camera you used, the settings, the GPS location and even the IP address you used to upload the photo to Facebook. This can pinpoint where you were when the photo was taken.

The messages include every message you’ve sent, including complete conversations with everyone with whom you’ve communicated.

Exactly how much of this material was obtained by Cambridge Analytica is unclear, but it probably didn’t include your messages. But it certainly does include anything that a stranger can see if they click on your name in Facebook.

There’s nothing you can do about the data that’s already been taken, but if you examine your Facebook download, you can see if any of the information is included in answers to security questions on the websites you use. If it is, you should go to those websites and choose different questions, or if necessary, make up new answers.
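One way to run that check on your own machine is sketched below. It is an added example, not part of the original article or any Facebook tool. It assumes the archive has been extracted to a folder of HTML, JSON or text files; the function names are hypothetical and the sample archive in `demo()` is constructed.

```python
import html
import re
import tempfile
from pathlib import Path

TEXT_SUFFIXES = {".htm", ".html", ".json", ".txt"}
TAG_RE = re.compile(r"<[^>]+>")

def visible_text(raw):
    """Strip markup and decode entities so only readable text is searched."""
    return html.unescape(TAG_RE.sub(" ", raw))

def find_exposed_answers(archive_dir, answers):
    """Return {label: [files]} for each security answer found in the archive.

    Matching is case-insensitive and on whole words, so "Rex" does not
    match "Rexford". Only labels and file names are returned, never the
    answers themselves, so the result is safe to print or log.
    """
    patterns = {
        label: re.compile(r"(?<!\w)" + re.escape(ans.strip()) + r"(?!\w)", re.I)
        for label, ans in answers.items() if ans.strip()
    }
    hits = {label: [] for label in patterns}
    root = Path(archive_dir)
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in TEXT_SUFFIXES:
            continue
        text = visible_text(path.read_text(encoding="utf-8", errors="replace"))
        for label, pattern in patterns.items():
            if pattern.search(text):
                hits[label].append(path.relative_to(root).as_posix())
    return hits

def demo():
    """Run the check against a small constructed archive (not real data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "html").mkdir()
        (root / "index.htm").write_text(
            "<h1>Pat Example</h1><p>Lives on Rexford Ave</p>", encoding="utf-8")
        (root / "html" / "timeline.htm").write_text(
            "<p>Walking <b>Rex</b> before the Lincoln High reunion</p>",
            encoding="utf-8")
        answers = {"first pet": "rex", "high school": "Lincoln High",
                   "mother's maiden name": "Jones"}  # constructed answers
        return find_exposed_answers(root, answers)

if __name__ == "__main__":
    for label, files in demo().items():
        print(label, "->", files or "not found in archive")
```

Any label that comes back with files listed is an answer worth changing on the sites that use it.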

For Personal 'Secret Questions,' Lie: But Remember the Lie

In the future, when you’re asked to come up with answers to security questions, lie. If your mother’s maiden name was “Smith” then tell the website it was “Jones.” Just keep track of what lies you use.

One benefit is that you’ll know if someone has your data, because you may start seeing those names pop up in unexpected places, such as phishing emails.

While you can’t undo the breach, and while you can’t get your data back from whoever has it, you can use the information to protect yourself. You can also use it to guide what you do with your data in the future. This is one case where too much information is really a dangerous thing.

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...