This morning, news broke that a massive data breach has exposed the personal information of 50 million Facebook users to hackers. A company blog reports that nearly 90 million users were forced to log out out of their accounts as a security precaution and provided little detail on what personal information attackers were able to access.



Shortly after, reports began to circulate on Twitter that Facebook was blocking a Guardian story about the breach from being posted on its platform:

Within minutes, additional reports began to circulate that an Associated Press story about the breach was being blocked as well:

Internet users and journalists struggled to make sense of why Facebook was censoring this massive news story for over an hour until reports once again surfaced on Twitter suggesting that the block had been resolved:

While it appears as though Facebook’s effort to block the story was an anti-SPAM glitch, it’s hard to imagine how this day could have gone much worse for Facebook.

The breach and censorship news comes on the heels of multiple privacy scandals for the social media giant, including a new SEC investigation into Facebook’s statements regarding Cambridge Analytica, and revelations that advertisers could target phone numbers used to enable two-factor authentication that makes online accounts more secure.

Civil liberties and digital rights groups have long demanded tech companies like Facebook minimize the amount of data they store on users. Today’s news is a powerful reminder of why this is so important, and adds new urgency to calls for federal lawmakers to consider strict penalties and new liabilities for companies who fail to adopt technical safeguards for sensitive user data—like those in California’s new privacy bill.

Facebook’s data harvesting business model just put 50 million people in danger. Rather than shoring up their security, companies like Facebook have been spending millions lobbying against real privacy and data security protections for Internet users. We need real laws that protect people, not ones that the companies write themselves behind closed doors.

Companies need to minimize the amount of data they collect and be held accountable when they put people at risk. That’s the only thing that will prevent them from collecting this much data in the first place. The tech industry is facing a reckoning. It needs to change.

We must push back on corporations or governments that try to undermine our human rights to privacy, security, and liberty. Join us in making this a reality at SecurityPledge.com.