Facebook not willing to notify over 530 million users whose data got leaked

Facebook will not inform the 530 million odd users, whose data was breached in 2019, said a blog posted on the social media giant’s website a few days back.

Personal information including phone number, Facebook ID, birthdates etc of the users were leaked, which Facebook claims was “scraped” by cybercriminals and not obtained through their system before September 2019.

Meanwhile, Reuters quoted a Facebook spokesperson to say the social media giant does not plan to notify the users that might be affected in the data leak. The spokesperson said that “it also took into account that users could not fix the issue and that the data was publicly available in deciding not to notify users.”

Facebook posted a blog to accept data was breached but said that it happened in 2019. “It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019. This is another example of the ongoing, adversarial relationship technology companies have with fraudsters who intentionally break platform policies to scrape internet services. As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists. But since there’s still confusion about this data and what we’ve done, we wanted to provide more details here,” the social media giant said in a blog.

Cybersecurity experts, however, said the breach in data is not as old as Facebook claims it to be.

Also read: Facebook agrees to pay $5 billion penalty for privacy violations

Facebook has blamed its ‘contact importer’ feature, which made it easy for hackers to scrape the  data. The company has since then brought in several security changes in the ‘contact importer’ feature.

“We updated it to prevent malicious actors from using software to imitate our app and upload a large set of phone numbers to see which ones matched Facebook users. Through the previous functionality, they were able to query a set of user-profiles and obtain a limited set of information about those users included in their public profiles. The information did not include financial information, health information, or passwords,” the blog read.

The company also claimed that the cybercriminals obtained limited user information. The data did not include sensitive information such as health, passwords, or finance.

‘The Verge’, however, points out that the scraped data included information, such as birthdays, locations, full names, and phone numbers.

Also read: FB raises investment for language expertise to check hate speech from Sri Lanka

How to protect your Facebook data

Facebook recommends updating the “How People Find and Contact You” feature on the platform. It has also advised users to take regular privacy check-ups on the platform.

Some online tools can help you find out if your phone number is part of the leak or not. For Indian users, fbleaks.com is a good source to know if you data had been leaked.