One new development is that you used to be able to get your invoices mailed via snail mail. Then that disappeared and you got your invoices mailed via email. Then that disappeared and now you have to create an account on some portal so that you can download your invoice. So that's one userid/password combo per business relationship or service that you use privately. Healthcare, HOA, insurance, payroll etc., every bloody two bit player requires you to log-in to their oh-so-secure service rather than that they send you your stuff. Which requires a ton of overhead and - sure enough - sooner or later they get hacked because by then the amount of data they hold on to is more valuable than their security could reasonably be expected to defend.
For example, the water company. I know the water bill is usually $50 or less, so I set the limit to $60/mo. As it turns out, they did get breached. I got an alert about someone who isn't the water company trying to hit the card for 80 cents. Most card runners use amounts under $1 because most credit card spending alerts have a $1 minimum. But privacy.com warned me, so I warned the water company, who was very thankful. Turns out their 3rd party provider had been breached and they were grateful for the alert too. Ended up saving a few thousand of my neighbors a lot of headache.
A few weeks ago I saw bitwarden finish their third party security audit and took the opportunity to jump. Couldn't be happier. Autofill fails less, the "copy password" menu works, the mobile experience isn't intentionally broken to sell an app, and export->import went without a hitch. Better, actually: it is the first time I have done an export/import and had the resulting data immediately work better in the second app. There's also the hope-springs-eternal factor of bitwarden giving me the option to host the sensitive stuff myself once I get off my butt and set up that server I've been meaning to for a while now.
If you're thinking about lastpass, save yourself the trouble and try bitwarden first. Or something else, but bitwarden has been good to me and lastpass, well, hasn't, to put it politely :)
I'm certain none of those 3rd-party connections are necessary and yet... like muscle-memory... devs continue to thoughtlessly invite tracking.
I’m using two personal domains to host my own email. One domain is purely for registration/junk purposes and it forwards *@junkemail.com —> junk@myemail.com.
The same server uses nextcloud for calendar/contacts/webdav
I use the password manager Enpass which can sync via webdav across my devices.
Everything selfhosted and emails/credit cards disposable
tos:
> You may use our Services only as permitted in these Terms, and you consent to our Privacy Policy at https://www.logmeininc.com/legal/privacy, which is incorporated by reference.
pp:
> When you use our Services, we receive information generated through the use of the Service, either entered by you or others who use the Services with you (for example, schedules, attendee info, etc.), or from the Service infrastructure itself, (for example, duration of session, use of webcams, connection information, etc.) We may also collect usage and log data about how the services are accessed and used, including information about the device you are using the Services on, IP addresses, location information, language settings, what operating system you are using, unique device identifiers and other diagnostic data to help us support the Services.
> Third Party Data: We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. We may also receive information from other affiliated companies that are a part of our corporate group. This helps us to update, expand and analyze our records, identify new prospects for marketing, and provide products and services that may be of interest to you.
> Location Information: We collect your location-based information for the purpose of providing and supporting the service and for fraud prevention and security monitoring. If you wish to opt-out of the collection and use of your collection information, you may do so by turning it off on your device settings.
> Device Information: When you use our Services, we automatically collect information on the type of device you use, operating system version, and the device identifier (or "UDID").
and
> Some specific examples of how we use the information:
> * Conduct research and analysis
> * Display content based upon your interests
> * Market services of our third-party business partners
and
> 4. Information Sharing
> ... We may share your personal information with (a) third party service providers; (b) business partners; (c) affiliated companies within our corporate structure and (d) as needed for legal purposes.
and
> Examples of how we may share information with service providers include:
> * Sending marketing communications
etc...
Single point of failure. Even if they claim they're "encrypted so that even THEY can see them", it's so easy to mess up encryption, it makes it a single point of failure.
I still share passwords between my devices though, but instead I use KeePass along with the Android app. For less critical passwords I let Chrome keep them; I _mostly_ trust Google, and non-critical passwords are exactly my level of trust of Google.
And I also trust Google to share my (encrypted) KeePass file with my devices. But now it's two points of failure: Someone would have to break into a private Google Drive, get my KeePass file, and break the KeePass encryption.
And I trust _both_ KeePass _and_ Google more than I trust LastPass to get security right.
The one thing that is cool, for items that don't have to ship in the mail, is the ability to use any name and address whatsoever with the merchant.
I always found Quora's use of dark patterns and baiting you in from search engines then blocking the content particularly egregious. Always made me surprised anyone held that site to such a high standing and I can only imagine it's because the advocates never knew how awful the experience was without an account.
I feel Pinterest is very similar in that way.
1. enable donations / tips / subscriptions to sites using a browser-native crypto wallet
2. use ZKP anonymity
This enables a publisher / subscriber business model of 'dollars without data'. Which should really be the Minimum Viable Product for a publisher.
PII data for marketing is the icing on the cake for publishers, but the bar is high (and getting higher) around sharing that, and many of us want to support sites, but don't want to go through N+1 payment gateways and digital identity forms just to read some content.
From this perspective I see Brave and BAT as enabling a very old model: I give you a quarter, you give me your newspaper. End of story.
Brave and BAT are attempting the same thing from a slightly different direction than we are--they are attempting to bring privacy to partially-decentralized apps; however, I don't think this will ultimately succeed--privacy is broken by the weakest link. As soon as you allow some connection to some server somewhere that's exfiltrating your interests, you now have advertisers lining up to buy that data and exfiltrate more. As far as I understand the "hybrid decentralized app" model, where DNS and web2.0 are allowed, you permit these weak links to exist.
If their systems get hacked and they have your snail mail address, they get your snail mail address as well. Email doesn't change that story.
Oh, and OAuth is a similar coping mechanism. You shouldn't need to log in to something to browse the web!
I felt validated when I received the email from Quora about the hack to a fake email address and addressing me by a fake name.
Hello! We will be moving to the new anonymity on Quora experience very soon. If you would like to edit or delete your existing anonymous content in the future, please provide your email here before March 20, 2017. You are receiving this message because we have not yet received an email from you. Please note that if you do not provide your email by March 20, 2017, you will need to contact us using our Contact Form and selecting “I need help with my account.”
Does this mean that every question or answer I’ve viewed is now in the hands of the attacker?
Your email address and hashed password being exposed is one thing. That information plus your search history is quite another.
My point is people do cargo cult everything. Could the service be BETTER without forcing the user to sign up? Inconceivable! Everyone knows you should force users to sign up.
It's annoying being on the other end of this: management deciding, for cost reasons, that snail mail is out and email is in.
Somebody else then worries about the risks of emailing documents that contain private information.
I think a case can be made that some kind of email token login is the simplest solution here: passwords only introduce another attack vector since you can usually reset them by email.
Are there more elegant solutions to this problem?
- what doesn’t get hacked? Isn’t life a continuous trade-off between risks and chances?
- If you’re afraid you’ll expose private information, then just don’t use a platform like that?
- these platforms use user generated content, true. But they provide the platform and the product. I think that is a fair deal.
Would it be possible those logins are more secure?
Today my information is probably leaked. Information I didn't want to give and that they threatened me for it.
Where is the apology Quora? From all the recent leaks this is the one that pisses me off the most, because it's the one that was forced unto me.
I don't understand why you bothered arguing with them instead of, I dunno, creating a new fake account?
Instead, I created a new email ID, gave a fake name, and registered with that. I gave up on the site soon anyway, but now I'm glad they forced me into registering with fake details.
Just search for anything like "what is an open source alternative to X" and the results will be a lot of people trying to justify why their Y paid option is a good solution for your problem.
These days the growth has masked all the good stuff with a layer of spam and general crap that’s hard to get past. Inevitable consequence of growing users but it has been managed poorly.
The state of personal data regulation in the US is abysmal. Unfortunately, if Cambridge Analytica wasn't enough to spur new regulation, I fear nothing will.
I deleted my account last year (got cold feet as I was using my real name and picture and people I know IRL had started to stumble across some of my answers) but I'm sure my data is probably involved in this breach somehow.
[0] not my actual user name, but something similar.
Never went back to that site.
Edit: Sorry if stupid question, but that would be throwing major red flags if I got such an email.
Feel better, don't you?
Because we will leak your data, but we won't bother designating a responsible spokesperson, be it security officer, CTO, VP of engineering or principal architect. It will be the all nebulous Quora team.
Most Quora users are hungry for answers and flood-request you to answer their question just because the system recommends them to do so. No matter how many times you pass, the system still keeps notifying you that "you are needed". Quora doesn't understand a no is a no.
IMHO -> There truly isn't any benefit in providing good answers on Quora, other than stroking your ego, might as well become a micro-influencer on Instagram.
Even worse most questions seem truly 1-Google search away and the answers are low-effort. Sure you do have some rare gems, and those are truly amazing to read. Alas, that's not often and spamming answers just for the sake of answering has become a reality.
The last time I checked, both my Python & Go open source text books get decent views from Quora & reddit, daily.
That's why I just deactivated it and didn't delete.
It's a valuable lesson in "don't keep data you don't need".
EDIT: A little backstory for non-Quorans. Until early 2017, anonymous Quora answers and comments were anonymous to the public but not actually anonymous in the database (they were still "your" entries). In early 2017 they (presciently) made all this content fully anonymous, even in the database.
> Is content posted anonymously still secure?
> Yes. Anonymous content cannot be connected to user accounts, so content posted anonymously is still secure.
Unfortunately, though, most companies operate under the "keep data you might eventually need" principle.
Both are valid lessons. One is from the business's perspective and one is from the user's perspective.
Now... if the emails were logged and in the exploited database, then all bets are off, but there's no indication that happened at all.
There are about a hundred other things about this that give me anxiety, but Quora is run by extremely competent people (engineering and otherwise), so I am pretty confident about their ability to be transparent and to know the extent of any issue.
This entire thing is really shitty for everyone involved, but given Quora's tenure (almost nine years!) that this is the first breach is pretty amazing, and that they've done so much work to make it less of a problem is great.
None of the above is meant to diminish the general dissatisfaction others are expressing here.
Quora is an intimate medium — tied to real names, real and often deep interests. It's especially bad that this happened.
There needs to be a better way to realign incentives in this ecosystem, otherwise this story will repeat.
The toughest ones here are my online banking and my online health portal, but other than that, I have gotten pretty picky about what information I give any company.
I feel that for every company that self-reports a leak, there are multiple other companies that have leaked your data and either haven't discovered the breach, refuse to disclose it, or flat out sold your data to the highest bidder.
The address I gave Quora isn't in the hands of spammers yet, which is a mildly good sign. But normally it takes a while for an address to get out to the bottom-feeders, so we'll see.
Can you go into detail on this? What exactly do you mean by tagging? Just wondering in case I want to do the same.
I especially like financial companies that have you login by using symantec VIP[1] which you append to your password. There's no way anyone thought that was a good idea. They did it that way because they had a worthless legacy authentication stack they couldn't rewrite, didn't understand 2FA well enough to implement it themselves, went with Symantec because "nobody ever got fired for contracting $importantfunction to $bigcompany", and the only way they could shoehorn any 2FA auth into their login flow was to concatenate it with the password.
[1] If you haven't had the pleasure of using it, it's a proprietary 2FA app that has a single seed per app install, shared between the app and symantec's database. It generates 6 digit codes that make it look similar to standard TOTP, but it's not TOTP. If you need to use it for multiple websites, you give them all the same seed hash (displayed by the app) which they use to synchronize your auth credentials with your account at symantec. IOW, it doesn't scale securely. There's also no way to have a backup 2FA device with this system; at least the two companies I've used it for haven't let me set up my account with two VIP apps on two different devices. Since normally you'll only have a single 2FA device using this Symantec VIP service, that means you have to go through a manual, insecure identity verification process to get back into your account if your one Symantec VIP device gets lost or broken.
https://mobile.abc.net.au/news/2018-12-03/commonwealth-bank-...
Oh yeah. Right...
It helped me find out a couple of local companies that are selling my data to spammers.
Anything that can go wrong, will go wrong [0]. Anything that isn't disallowed by quantum mechanics, will eventually happen [1].
So, if businesses made it cryptographically impossible to leak data, maybe it wouldn't happen, assuming it is even possible to make it impossible...
In addition, many questions remain open, for example: Which 'leading digital forensics and security firm' is working for Quora?
I hope for Quora that they met their 72-hour deadline according to the GDPR. Looking at https://www.quora.com/about/privacy, it does not look as if Quora was / is GDPR-ready. They do not mention any legal basis for the processing (art. 13 GDPR) and they do not inform about their GDPR data representative in the EU (art. 27 GDPR).
The email I got from Quora just says “encrypted” passwords, and while the blog post says “hashed”, it doesn’t say what algorithm. For all we know it could be something useless like MD5.
Or are they trying to adjust, and the attacks are getting so sophisticated that the pace of investment in counter-measures is below that of the pace of advancement in the complexity of attacks?
Or something in the middle?
Of course, this model assumes that as soon as you have penetrated the perimeter, the rest becomes easy. This is the more traditional model. People are increasingly adopting a you-are-already-hacked approach, which makes it harder to move laterally once someone gets in. However, the general challenge still applies.
Once you understand how difficult attack mitigation is, then you can pick and choose from a variety of factors:
- executives may not have a realistic understanding of how difficult attack mitigation is so they don’t allocate the resources for hiring
- incompetent admins overestimating their abilities
- competent admins who are underfunded
- incompetent admins who underestimate the value of the data they’re protecting
- competent admins who may not have an accurate picture of what data they’re trying to protect so their threat model is flawed due to inaccurate information
- executives who are aware of how difficult mitigation is but don’t place customer data privacy as a priority.
- the current iteration of our growth obsessed corporate models unintentionally results in a race to the bottom in many ways.
- little incentive for companies to factor in social impacts as we don’t yet seem inclined to figure out a way to include impacts on society as one of the many metrics to measure a company’s success or failures.
It’s worth remembering though, even the most responsible, most well funded, most security conscious, and best staffed organizations have been compromised at one point or another—security is hard.
Offense needs only one hole, whereas defense needs to plug all, including human behaviors. When the offensive side finds a new attack, they can often try and see which of the victims is vulnerable, thus the offense can pick and choose among many potential victims, whereas the defensive side needs to defend from all attackers. The information, once leaked, can't be recovered - i.e. once an exploit is successful, there's no "recovery" available.
All of those factors combined make defense orders of magnitude more difficult - in terms of careful attention to detail, in terms of manpower, in terms of human training and vigilance, etc. For those reasons, the best defensive strategy is to minimize the information you need to protect.
It’s not really a security issue as much as an incentive issue.
Luckily you can sign up for Quora with any name and email. You have to assume that no matter how hard a site tries to protect your info, it will get compromised sooner or later. The best they can do is what Quora does: demand as little info about you as they need.
In addition to that, attackers only have to get lucky once, the defenders have to check every entryway.
Happily I get to once again bemoan the disappearance of JCSV, who was astounded that Quora was still a thing five years ago: http://jesuschristsiliconvalley-blog.tumblr.com/post/4896203...
https://help.quora.com/hc/en-us/articles/360020212652
What happened? - not answered in any detail
What kind of user data was affected? - answered!
How do I know if I was affected? - not answered
How was it brought to your attention? - not answered
How many Quora users are affected? - not answered
Quora is good about responding quickly, which should be appreciated. That the FAQ wasn't fully filled out was just because it was being filled out. I know this can be an awkward experience for someone who immediately sees and responds to the tech news, but a bulk of their users won't be that profile. They got the framework for response laid out immediately, and are working on the responses. This seems pretty solid.
- Account information available on the Ads Manager account settings page.
- The email address provided for notifications about your ad campaigns.
- Campaign structure and setup, including information like budgets, schedule, bids, targeting, and ad information.
- Notifications that were in your Ads Manager, such as ad paused, logo approved, and ad ready.
- Audience setup information available on the Ads Manager audience page such as types and creation date.
- Partial credit card information, including name, expiration date, and the last four digits of the credit card.
Having said that, this is pretty much a perfect response to the situation.
1. Quick turnaround from the breach to the announcement
2. Concise description of what happened
3. Owning the mistake
4. Update of their mitigation
5. Promise to follow up & actionable items.
6. Additional technical detail for more interested: https://help.quora.com/hc/en-us/articles/360020212652
It sucks that this happened, but for that alone I'd like to applaud the Quora team. Yes, it would've been great if they didn't have to force me to sign up in the first place. It would've been great if this breach had never happened. But for the context, they're handling the issue as well as possible.
Time for change. Time for intelligent heads to come together and think of how a better internet security architecture needs to look like.
Say your name, email address and social get leaked in one 500m user dump and your email, passport number and actual address in another. I've never worked with datasets on this scale hence the ignorance.
Maybe it's possible for one person of interest but how complicated would it be to match up everything?
---
Based on what we have learned, some of our users’ information has been exposed, including:
- Account information (e.g. name, email address, encrypted password, data imported from linked networks when authorized by users)
- Public content and actions (e.g. questions, answers, comments, upvotes)
- Non-public content and actions (e.g. answer requests, downvotes, direct messages)
Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content.
---
What information was involved
The following information of yours may have been compromised:
Account and user information, e.g. name, email, IP, user ID, encrypted password, user account settings, personalization data
Public actions and content including drafts, e.g. questions, answers, comments, blog posts, upvotes
Data imported from linked networks when authorized by you, e.g. contacts, demographic information, interests, access tokens (now invalidated)
Non-public actions, e.g. answer requests, downvotes, thanks
Non-public content, e.g. direct messages, suggested edits
Questions and answers that were written anonymously are not affected by this breach as we do not store the identities of people who post anonymous content.
I don't want every site that I visit sending me an email every time I click on a Google result.
I hit that SPAM button as fast as I could.
Here's a crazy idea, circa 1990's: don't store their personal information! Allow people to browse Quora without using their real names. I'm very happy I deleted my Quora account when I did.
They are hiring people based on leet code questions and school prestige and not based on real technical knowledge about systems. Their business people are top school MBA grads with no security domain expertise. They then proceed to build massive data collection programs using open source tooling that none of them fully understand. Their business model depends on that data and monetizing it in various ways. And so the complexity of their application goes through the roof with regards to user data. Their user facing web apps are the tip of the iceberg for a massive surveillance scheme.
Isn't that true for almost all companies based in Silicon Valley?
There is something called the Cybersecurity Bipartisan Caucus in the US Senate.
I have found calling these senators (which I have never done before for any politician about anything) extraordinarily helpful and gratifying. I have even explained that I don't live in their state, and yet they still listen and clearly need the advice from good security/sysadmin people (like asking them why Facebook still doesn't have a CSP Security Header).
It was only 6 days ago that the "International Committee on Privacy", made up of Senators from countries around the globe, met in London to question Richard Allan, VP of Privacy at Facebook. Mark Zuckerberg rejected the request for his attendance.
[1] https://www.warner.senate.gov/public/index.cfm/cybersecurity
[2] https://www.parliament.uk/business/committees/committees-a-z...
- the linked article says the breach included hashed passwords, but makes no mention of salt
- the help page says they're forcing affected users to change their passwords
If the passwords were salted before being hashed and stored, then:
- Why not mention it, so users (especially those who don't use unique passwords on every site) know that it's not trivial for their password to be found?
- Why force people to change their passwords?
> the passwords were encrypted (hashed with a salt that varies for each user)
Looks like the article says the same thing.
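An added example, not part of any comment in this thread and not Quora's code: what "hashed with a salt that varies for each user" changes compared with the unsalted MD5 case raised earlier. PBKDF2-HMAC-SHA256, the iteration count, and the sample users and passwords are assumptions constructed for illustration; the page does not say which algorithm Quora used.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Assumption: PBKDF2-HMAC-SHA256 stands in for "a slow, salted hash".
ITERATIONS = 600_000
SALT_BYTES = 16

# Constructed sample data: two users who happen to reuse the same password.
SAMPLE_USERS = {
    "alice": "Summer2018!",
    "bob": "Summer2018!",
    "carol": "x9#Lq2vTz-41",
}


def md5_unsalted(password: str) -> str:
    """Fast, unsalted digest: the weak scheme the thread worries about."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes | None = None) -> dict:
    """Create a stored record with a fresh random salt per user."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def shared_hash_groups(table: dict[str, str]) -> list[list[str]]:
    """Users whose stored hash strings are identical, i.e. what a leaked
    table reveals about password reuse before any guessing is done."""
    groups: dict[str, list[str]] = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def guessing_work(candidates: int, users: int, salted: bool) -> int:
    """Hash evaluations needed to test a candidate list against a table.
    Unsalted: each candidate is hashed once and compared with every row.
    Salted: each candidate must be re-hashed for every user's salt."""
    return candidates * users if salted else candidates


def build_tables(users: dict[str, str]) -> tuple[dict, dict]:
    unsalted = {u: md5_unsalted(p) for u, p in users.items()}
    salted = {u: hash_password(p) for u, p in users.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_tables(SAMPLE_USERS)
    print("identical unsalted hashes:", shared_hash_groups(unsalted))
    print(
        "identical salted hashes:",
        shared_hash_groups({u: r["hash"] for u, r in salted.items()}),
    )
    print("work, unsalted:", guessing_work(1_000_000, len(SAMPLE_USERS), False))
    print("work, salted:  ", guessing_work(1_000_000, len(SAMPLE_USERS), True))
```

A per-user salt multiplies the work by the number of accounts and hides password reuse across rows, but a guessable password is still guessable for the one account it belongs to, so a forced reset after a leak is consistent with salted hashing.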
Personally I'd pay to be able to stop getting snail mail. If it weren't for the one or two rare pieces of semi-important crap that show up, sent by dinosaurs that don't realize we aren't living in the 20th century anymore, I'd quit checking my physical mailbox once and for all. I mean, it's not like 99/100'ths of what comes in there isn't junk catalogs, fundraising letters from politicians I hate, sales flyers from stores I hate, bills that I pay online already, mail meant for the previous residents, etc. But unlike email spam, it actually costs me effort to scrape that garbage out of the box and haul it to the dumpster.
Blech. Personally, I want no part of it.
I hope they mean hashed, not encrypted.
Would be nice if websites measured user activity and could 'lock out' or otherwise release their data if they never use the site; at least, confirm with said user via email if the account is needed.
But in this era, I'm sure companies would prefer to keep whatever data they can get.
However, in this case, there is no credit card information to muddle up or confuse a case. It's only a user's personal information--private messages, moderator requests, reports against other users--that has been compromised because they didn't collect credit card info. And there's an enforced "real names" policy that makes it identifiable.
I wonder if some had their details reset altogether? Either way, this looks like a major breach considering the value of people who have signed up with Quora.
And then this happens!
>"We recently discovered that some user data was compromised as a result of unauthorized access to one of our systems by a malicious third party."
"Some user data"
Then goes on to say:
>"For approximately 100 million Quora users, the following information may have been compromised:
> - Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users
> - Public content and actions, e.g. questions, answers, comments, upvotes
> - Non-public content and actions, e.g. answer requests, downvotes, direct messages (note that a low percentage of Quora users have sent or received such messages)"
Wouldn't this be closer to "all user data was compromised"?
It seems absurd for them to state "some user data was compromised." That seems like a pretty comprehensive list of user data. What else would there be?
This is a company that for years forced account sign up and obscured user generated content even for users who just wanted to browse unless you created an account. Seriously fuck Quora.
I think of it as something like a reverse password manager; instead of "here's a website, what's my data", it's "here's a bit of information about myself, who has it?"
It's a pain keeping that list updated but at this point I'm so hooked on being able to see my personal info leak out into the world bit by bit that the friction is worth it.
I'm still trying to figure out what I should do with the data I have on myself, if anyone has any suggestions.
[1] That situation seems sketchy seeing it written down like that, so just want to explain that it's because I moved to a different country (address, phone, credit cards) and away from gmail at the same time.
No, that's what made OpenID awful. Your accounts all go down if one of those "points of trust" gets taken down for whatever (or no) reason.
No details on the hashing scheme used though, so we don't really know how easy it'll be for the attacker to brute force the password hashes.
In a way this is a great example of why you shouldn’t collect data willy-nilly.
I really really really hope we get some sort of a law where companies are seriously liable for data breaches.
US has a ton of tech companies but very little regulation that protects the customer.
Why is this so easy? Is it impossible for a well-funded company to keep its user information private? If so, can we act like it?
According to my trusted Password Safe (https://pwsafe.org/) I call about 400 accounts my own - each one with a unique random password.
I hope the lesson will be learned: don't force users to register just because you can.
Even though I didn't explicitly set up an account, it seemed to have done it for me already. I just assumed it was one of those shitty content aggregation platforms like the sorts that steal all the posts from Stackoverflow and rebrand them.
Genuine question - not sarcasm. I would love to know how the attackers got in in the first place.
Usually when I hear about a breach, my first reaction is “yeah, I would have covered that from the start,” but if there’s something to be learned here, I’m all for it...
I worked at Quora, and totally unrelated, at my current company, had the opportunity to source and be point on multiple penetration tests. At my current company, I work with some people I consider extremely competent at SQL, and in particular PostgreSQL, but that didn't stop the pentesters from finding SQLi in our code. It sneaks in, and all it takes is one fuck up for a hacker to go to town.
I think that most startups don't understand the value of dropping 20-30k on an engagement with a competent pentest company, and this can propagate even longer into an org to the point that they never bother to get outside testing. Don't fall into that trap. Having a third-party with eyes on your org is worth every cent. If you run a startup or aspire to, I highly recommend you consider getting a pentest when you have ~5M ARR, and continue to do a yearly engagement to make sure your shit is covered until you can afford a full time security staff.
Many companies seem to use intentionally vague wording to suggest you might not have to worry.
Quora encrypted passwords instead of hashing them? FAIL.
Anyone remember the glory days of Facebook, when real names were "revolutionary" and all the rage? Quora followed that cargo cult (founded by Facebook people, after all) and the consequences of that choice are due today. We really need to introduce the concept of "expiring data" on the internet, personal or not. After a reasonable amount of inactivity, identities should be anonymized.
Just be a nihilist, guys.
I would love to punch the CTO of this company in the nose with passion.
Was it hashed AND encrypted or another case of people not understanding the difference?
To me it seems it's going the way of Yahoo Answers, if it hasn't already. It might be gaining some traction in developing countries but the ratio of signal:noise seems really low at this time, coupled with terrible UI.
Nothing insightful. I'm just here to kick them while they're down.
If you want anonymity there are other platforms for that, stackexchange for example.
Conclusion
It is our responsibility to make sure things like this don’t happen, and we failed to meet that responsibility. We recognize that in order to maintain user trust, we need to work very hard to make sure this does not happen again. There’s little hope of sharing and growing the world’s knowledge if those doing so cannot feel safe and secure, and cannot trust that their information will remain private. We are continuing to work very hard to remedy the situation, and we hope over time to prove that we are worthy of your trust.
Even though I have been a heavy quora user (reader and contributor), I would be really happy if it died a really painful and stupid death
Also, it's implausible to me that selling the data wouldn't come out eventually. As we saw with Cambridge Analytica, even pretty obscure uses of data can eventually turn into giant media exposure for privacy breaches. The brand damage is very expensive. Facebook's market cap is down something like $100 billion; there's no way they could have made that kind of money from trying to quietly sell copies of their data.