Yes, I suppose data revealed through a system *working as intended* isn’t technically a “breach.”
Most social media these days is built around selling access to participants’ data, directly or indirectly (through ad placement). It doesn’t have to be, but that’s the business model that’s taken hold.
There are alternatives to the big data-mining social networks, but they have their own drawbacks. Blogs still exist, Mastodon is making great strides, you can self-host if you can afford it & have the know-how (or know someone who does)…
But your friends/family aren’t on [cool social network], they’re still on FB & Twitter, so you need to keep them around to talk to them.
And it takes time, effort & money to maintain your own site.
And a lot of networks aren’t as polished as the ones you’re already on…
Leaving FB/Twitter isn’t easy for everyone, or even rewarding for everyone.
We can make it easier, help people diversify, & grow those alternative networks, but let’s not blame those who accept the trade-off & stay on the major sites.
Still, user data is the product. Breaches need one kind of solution. Business practices need another.