Motherboard gets so close (boldface mine):

While we understand why some are describing the data Kogan handed to Cambridge Analytica as a breach, based on what’s been reported so far, we believe that describing this incident as a breach would, at least at the moment, mislead our readers.

We’ve been regularly covering data breaches for years. No one hacked into Facebook’s servers exploiting a bug, like hackers did when they stole the personal data of more than 140 million people from Equifax. No one tricked Facebook users into giving away their passwords and then stole their data, like Russian hackers did when they broke into the email accounts of John Podesta and others through phishing emails.

In 2014, when Kogan collected the data of 50 million people, he was playing by the rules. At the time, Facebook allowed third party apps to collect not only the data of the people who consented to giving it up, but also their friends’ data. The company later shut down this functionality.

…the real story is far more troubling: This data collection was par for the course. In other words, it was a feature, not a bug. And while the process that Kogan exploited is no longer allowed, Facebook still collects—and then sells—massive amounts of data on its users.

As Zeynep Tufekci, the author of Twitter And Tear Gas, put it, Facebook’s vehement defense that this was not a data breach is itself actually a damning statement of what’s wrong with Facebook, and Silicon Valley’s ad industry in general.

“If your business is building a massive surveillance machinery, the data will eventually be used & misused,” Tufekci, a University of North Carolina professor who studies the social impact of technology, wrote on Twitter. “There is no informed consent because it’s not possible to reasonably inform or consent.”

Facebook’s security team, Tufekci concluded, can’t mitigate the company’s business model, which is predicated on collecting as much of our data, and our friend’s data, as possible.

We can condemn the misuse of this data, and Facebook’s data collection practices, without calling it a data breach, a term that may confuse readers and distract them from what we believe is the real problem here: Silicon Valley giants have built massive data collection machines with almost no guardrails on how they are used.

What we call things matters politically, and the phrase we should be using is ‘corporate surveillance.’ Just like there is government surveillance–which many, if not most, people distrust, there is corporate surveillance–and that’s a phrase people won’t like either. Which is the whole point.