The purpose of this disclosure is to explain how we make money without charging you for our content.
Our mission is to help people at any stage of life make smart financial decisions through research, reporting, reviews, recommendations, and tools.
Earning your trust is essential to our success, and we believe transparency is critical to creating that trust. To that end, you should know that many or all of the companies featured here are partners who advertise with us.
Our content is free because our partners pay us a referral fee if you click on links or call any of the phone numbers on our site. If you choose to interact with the content on our site, we will likely receive compensation. If you don't, we will not be compensated. Ultimately the choice is yours.
Opinions are our own and our editors and staff writers are instructed to maintain editorial integrity, but compensation along with in-depth research will determine where, how, and in what order they appear on the page.
To find out more about our editorial process and how we make money, click here.
When Facebook co-founder Mark Zuckerberg posted a status update Wednesday on the still-unfolding Cambridge Analytica scandal, he called it an “issue,” a “mistake” and a “breach of trust.” But he didn’t say it was a data breach.
Ever since the news broke this weekend that the U.K. firm Cambridge Analytica obtained information about 50 million Facebook users without their knowledge, the social media site has been carefully avoiding using those words. Executives are profusely apologizing but stopping short of characterizing the situation as a data breach — a phrase that brings to mind images of hacker frantically typing in a dark room or stolen credit card numbers being shared online.
Facebook has 1.4 billion daily users it doesn’t want to scare off with the “data breach” characterization. But was it?
Depends who you ask.
Here’s what happened: A few years ago, a researcher put together a Facebook personality quiz that asked participants to download an app and give him access to their friends’ data. About 270,000 people consented, which ultimately led to some 50 million profiles being scraped for information. The researcher then gave to Cambridge Analytica, and the company used it to build profiles it sold to clients as political research.
That amounts to a data breach if you’re using a general definition, like the one cybersecurity company Trend Micro has on its website: “an incident wherein information is stolen or taken from a system without the knowledge or authorization of the system’s owner.”
It counted for the Observer, which helped break the story and in its first sentence called the debacle “one of the tech giant’s biggest ever data breaches.” Ditto tech entrepreneur Narendra Rocherolle, who flatly tweeted Saturday that “when you allow 3rd parties to access my data in a manner inconsistent with the rules and policies. That is a data breach.”
Facebook, of course, disagrees. Deputy general counsel Paul Grewal released a statement on Saturday writing that “the claim that this is a data breach is completely false” because the researcher got consent from everyone involved. Andrew “Boz” Bosworth, Facebook’s former vice president of ads, took a similar stance.
Publications like Motherboard are trying to walk the line. The outlet pointed out that the Facebook news is different than last year’s 140 million-person Equifax data breach, which took place when hackers exploited a vulnerability in its software. But it also mentioned that Facebook’s entire business centers around collecting huge amounts of information from its users, so the whole operation isn’t extremely secure.
Still, others — like Sen. Amy Klombuchar, the democrat from Minnesota — are playing it safe and just using the word “breach.”