Facebook Warns Investors They Expect To Find 'Additional Incidents' of User Data Abuse

Facebook earned $4.99 billion in the first three months of 2018 (on sales of $11.97 billion). But their quarterly report included some new warnings, according to the Bay Area Newsgroup: In its 141-page filing with the Securities and Exchange Commission Thursday, Facebook -- like all public companies -- warned of risk factors, the official version of what might keep CEO Mark Zuckerberg up at night. Chief among them is the possibility of other Cambridge Analyticas. "We anticipate that our ongoing investments in safety, security, and content review will identify additional instances of misuse of user data or other undesirable activity by third parties on our platform," Facebook said in its 10-Q filing. It is a point that Zuckerberg made again and again during his Congressional testimony earlier this month.

What's more, Facebook knows it won't catch everything, even though the company is investigating and auditing away after revelations that political data consulting firm Cambridge Analytica accessed the information of up to 87 million Facebook users without permission... "We may also be notified of such incidents or activity via the media or other third parties."

For example:

[king+neckbeard]

For example: Our entire business model.

Bullsihit

[belthize]

Facebook doesn't anticipate finding "additional instances of misuse of user data". They've already found it and have no way to hide it. They're just figuring out how to announce with minimal impact.

If they hadn't found it or had found it and thought they could hide it they would keep their mouths shut on the issue.

Re:Bullsihit

[Zocalo]

If they have evidence of other breaches then we'll be hearing about it pretty soon, I expect. May 25th is GDPR day, and I'm pretty sure that the EU would like nothing better than to take 4% of Facebook's annual turnover in penalties if they are shown to have failed to meet the requirement that they disclose a breach within 72 hours of discovery. I also doubt that Cambridge Analytica was far from the only company that was (or still is) pulling personal data out of Facebook, so even if Facebook complies with the GDPR they're probably still going to be dealing with a lot of negative press.

Hope other companies get nailed too

Was looking at Discord (extremely popular with Gamers), thing not only calls home but leaks data on the local user. There's _nothing_ in their client that says it happens. Like Twitch, their entire API is built to be harvested while locking down the client from casual perusal. It's also _very_ tightly coupled with Cloudflare.

Discord themselves laughed at the findings.

tl;DR - Sooner these companies are fined, the better for everyone. But I'm anon and this is slashdot. You'll never see this thanks to the new mods.

Re:We make $20 B! a year but can't self police?

[StingRay02]

They make $20,000,000,000 a year BECAUSE they don't self-police.

That's not how this works

[eddeye]

SEC reports don't work like that. This isn't a tacit admission from Facebook that after much soul searching they realize they've done wrong. Nor does it mean they've found other incidents that haven't been reported yet.

All this means is Facebook is guarding against future lawsuits. SEC reports disclose every possible negative event so shareholders are considered aware of the risks. If another data breach event happens, Facebook has protected itself against shareholder lawsuits.

It's like reporting "Well our CEO could get eaten by a bear." Disclosing it as a possible risk doesn't make it any more or less likely to happen.

There probably will be more incidents. Facebook may in fact know of some already. But this report is not evidence of that.