It’s an interesting perspective. I first thought there was a security vulnerability and the service got hacked, but it turns out this is false. It’s apparently a credential stuffing attack. He also talks about bad security practices and argues that Cambridge Analytica wasn’t the fault of Facebook.