At the beginning of the week we found out the the personal data of more than 533 million Facebook users was leaked online in what has become an altogether familiar occurrence. This data, as Facebook explained at the time, was not the result of a hack, but rather from scraping its platform by fraudsters prior to September 2019 which was subsequently handled by the social media giant.
“It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019,” wrote Facebook’s Mike Clark, Product Management director in a blog post this week.
“As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists. But since there’s still confusion about this data and what we’ve done, we wanted to provide more details here,” he added.
And that is where the buck stops in Facebook’s view, as a report from Reuters notes that the company has no plans to notify or alert any of the 533 million users whose data was compromised following this week’s leak.
“The Facebook spokesman said the social media company was not confident it had full visibility on which users would need to be notified. He said it also took into account that users could not fix the issue and that the data was publicly available in deciding not to notify users. Facebook has said it plugged the hole after identifying the problem at the time,” writes the news publication.
While we must agree that nothing can really be done now that the data has been compromised, choosing not to inform users, regardless of its visibility, does not track in our view. As such, it does not seem like Facebook wants to take ownership of the problem.
Instead the company is directing users to take their own measures in safeguarding their data.
“While we addressed the issue identified in 2019, it’s always good for everyone to make sure that their settings align with what they want to be sharing publicly. In this case, updating the ‘How People Find and Contact You‘ control could be helpful. We also recommend people do regular privacy checkups to make sure that their settings are in the right place, including who can see certain information on their profile and enabling two-factor authentication,” concluded Clark in his blog post.
It therefore looks like Facebook has taken the massive data leak very lightly, which is all the more concerning considering over half a billion users have been impacted as a result.
As such, this latest incident does little restore our faith in a tech company which has been championing the fight against misinformation and moving to be more transparent in recent months.