In this digest, we are breaking down how Twitch and Facebook failed in data protection and what these incidents led to.

Turkish authorities have fined Twitch 2 million liras ($58,000) for a 2021 data breach that exposed 125GB of sensitive information online, affecting 35,274 people in Türkiye. The Personal Data Protection Authority (KVKK) found that Twitch failed to take proactive security measures and only patched the vulnerabilities after the breach. The platform did not report the breach in time either. Twitch attributed the incident to a server configuration issue. The KVKK imposed fines of 1.75 million liras for inadequate security and 250,000 liras for failure to report in a timely manner.

While Twitch is facing regulatory fines, Facebook will likely have to pay compensation to users.

A German court has ruled that users affected by Facebook’s massive 2019 data breach can seek compensation without having to prove specific damages. The 2019 breach exposed the personal data of 533 million Facebook users in 157 countries through a technique called “scraping,” which exploited a vulnerability in Facebook’s contact importer. While no financial data or passwords were compromised, information such as names, phone numbers, and email addresses was exposed, which increased the risk of identity theft and social engineering attacks.

The proposed compensation is €100 ($106) per user, which could cost Meta hundreds of millions of euros given the six million affected users in Germany alone. Meta is disputing liability, arguing that the incident was not a hack but an abuse of legitimate system functions.

It is said that this represents a significant shift in how tech companies are held accountable for privacy violations.

Data breaches often result in legal proceedings, financial losses, and significant reputational damage. If you want to avoid such disasters, consider implementing Managed Security Service. MSS is a budget-friendly solution, ensuring solid protection of your data assets.