Facebook will not notify the half a billion users caught up in its huge data leak, it says

Andrew Griffin
Thursday 08 April 2021 05:31 EDT
Comments
Facebook, whose CEO Mark Zuckerberg is pictured in 2018, said the leaked user data was from 2019
Facebook, whose CEO Mark Zuckerberg is pictured in 2018, said the leaked user data was from 2019 (AP)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Facebook will not notify the more than half a billion people caught up in a huge leak of personal information, it has said.

Over the weekend, it emerged that a vast trove of data on more than 530 million users – containing information including their phone numbers and dates of birth – was being made freely available online.

Facebook said that the data was gathered before 2019. It later said that “ “malicious actors” had obtained the data prior to September 2019 by “scraping” profiles using a vulnerability in the platform’s tool for synching contacts, and that the loophole that allowed them to do so had now been closed.

But it said that it did not inform users when the leak happened, and does not have plans to do so now.

The Facebook spokesman said the social media company was not confident it had full visibility on which users would need to be notified. He said it also took into account that users could not fix the issue and that the data was publicly available in deciding not to notify users. Facebook has said it plugged the hole after identifying the problem at the time.

Read more:

The scraped information did not include financial information, health information or passwords, Facebook said. However, the collated data could provide valuable information for hacks or other abuses.

Facebook, which has long been under scrutiny over how it handles user privacy, in 2019 reached a landmark settlement with the U.S. Federal Trade Commission over its investigation into allegations the company misused user data.

Ireland’s Data Protection Commission, the European Union’s lead regulator for Facebook, said on Tuesday it had contacted the company about the data leak. It said it received “no proactive communication from Facebook“ but was now in contact.

The July 2019 FTC settlement requires Facebook to report details about unauthorized access to data on 500 or more users within 30 days of confirming an incident.

The Facebook spokesman declined to comment on the company’s conversations with regulators but said it was in contact to answer their questions.

Additional reporting by Reuters

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in