Meta says 50,000 Facebook users may have been spied on by private surveillance firms
Meta, the parent company of Facebook, says that private surveillance companies may be responsible for hacking and spying on about 50,000 Facebook user accounts.
Meta, which also owns and operates Instagram, WhatsApp and Messenger, said in a blogpost Thursday that it has alerted the people who it believes were targeted by the malicious activities.
Seven “surveillance-for-hire” companies have also been banned from Meta’s platforms, the company said. Action was taken against Cobwebs Technologies, Cognyte, Black Cube, Blue Hawk CI, BellTroX, Cytrox and an unknown Chinese entity. Four of them are located in Israel, one is in India, one is in North Macedonia, and the other is in China.
A Cobwebs spokesperson told CNBC: “Cobwebs operates only according to the law and adheres to strict standards in respect of privacy protection.” None of the other firms immediately responded to a CNBC request for comment.
Meta said the seven firms carried out a combination of reconnaissance, engagement and exploitation. Some carried out all three, while others focused on one or two. The company, led by CEO Mark Zuckerberg, said around 1,500 accounts linked to the seven firms have been removed from its platforms.
The companies targeted people including journalists and human rights activists in over 100 countries on behalf of their clients, Meta said, adding that they created fake accounts, befriended targets and used hacking methods to acquire information.
“The global surveillance-for-hire industry targets people across the internet to collect intelligence, manipulate them into revealing information and compromise their devices and accounts,” wrote Meta’s David Agranovich, director of threat disruption, and Mike Dvilyanski, head of cyber espionage investigations.
“These companies are part of a sprawling industry that provides intrusive software tools and surveillance services indiscriminately to any customer — regardless of who they target or the human rights abuses they might enable,” they added.
Jake Moore, the former head of digital forensics at a U.K. police force who is now the global cybersecurity advisor at ESET, said in a statement that it is absolutely necessary to remove such accounts.
“Although it is extremely difficult for Facebook to remove fake accounts and it has previously struggled with spotting the fakes as some will inevitably still slip through the algorithm,” he said. “It does, however, highlight that Facebook is a tool used in social engineering and even spying on people so users must be reminded to limit the amount of information they post on public social media.”