Microsoft is selling your office 365 emails, documents, calendar & contacts to Facebook without consent

Privacy is becoming increasingly important to technology users. According to IT security services experts, a lawsuit has been filed against Microsoft after the company allegedly shared the data of its Office 365 business customers with Facebook application developers and other third-party firms, in violation of its own user privacy terms.

The lawsuit was filed in court in San Francisco by the legal firms Koonan Litigation Consulting and Summer Davenport & Associates, mentions a report from The Register.

Esta imagen tiene un atributo ALT vacío; su nombre de archivo es microsoft21072020.jpg

The plaintiffs argue that, although Microsoft assures its business customers that their data could only be shared with subcontracting firms, their confidential information was repeatedly sent to third parties: “Contrary to Microsoft’s assertions, its customer data is sent regularly and continuously to firms such as Facebook, among others; information is shared even when many of Microsoft’s customers don’t use Facebook,” the lawsuit is mentioned. 

The problem is compounded by the fact that the information could have reached hundreds of third-party firms affected by data breach incidents, IT security services experts mentioned. This practice would have compromised confidential details such as full names, emails, documents, location data, and business intelligence reports, among others.

In addition to noting non-compliance with their own privacy policies, plaintiffs consider that Microsoft automatically shares their customers’ business contacts with Facebook: “Even if customers disable this feature, the damage is already done; the scope of this practice could be similar to that of the Cambridge Analytica incident,” the plaintiffs claim.

According to IT security services experts, the confidential customer information would have already been shared with Facebook and a hundred more signatures. The company itself points out that “once contacts are transferred to Facebook, only the social network can delete these records from their systems.” In other words, companies working with Facebook might also access Microsoft customer data.

The lawsuit insists that Microsoft’s claims that it meets SOC 1 and SOC 2 standards are completely false; plaintiffs seek to make this process a class action, although the kind of agreement they seek is not yet unknown.

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.