As embedding from Mastodon is not working tonight, I’ll copy and paste Per Axbom’s post:
Nice bit of reporting from Swedish Radio. They built an online fake pharmacy and activated Facebook advertising tools. Thousands of simulated visits to the pharmacy were made each day, and the reporters could see all the sensitive, personal information being stored by Facebook.
Facebook sent no warnings to the pharmacy, despite saying they have tools in place to prevent this from happening.
A few weeks ago they revealed how this was happening with real pharmacies.
He links this article from Sveriges Radio.