Facebook Dishes On Epic Facepalm User Data Leak, Says Initial Breach Occurred In 2019
Over the last week, we have reported on a Facebook data leak that exposed phone numbers, emails, dates of birth, names, and more, impacting nearly 533 million users. This leak occurred in 2019 but recently came to light as the data was being spread online for free, and Facebook did not handle the situation well. The social media company has now released a blog post explaining what happened, but is that enough, or is Facebook trying to shift the blame?
Mike Clark, Product Management Director, penned a blog post yesterday on Facebook's Newsroom explaining what was occurring with the leaked data. He stated that the data was not obtained through hacking but by "scraping it from [the] platform." Scraping is a method by which a malicious actor can use automated software to extract information from a website like Facebook. Since the scraping was revealed nearly two years ago, Facebook has taken action and is now "confident that the specific issue that allowed [the malicious actor] to scrape this data in 2019 no longer exists."
The way Facebook explains this issue is that what was taken was "public information," and users need to "make sure that their settings align with what they want to be sharing publicly." Though it may have been public information on a profile, it would likely not have been easy to collect by going page to page. With the contact importer tool, which was abused in 2019, Facebook effectively handed the tools to the malicious parties, allowing them to easily scrape the "public" data and make it a privacy concern.
Perhaps a simple apology would be warranted rather than trying to make excuses or explain away what happened. Simply put, Facebook's lackluster QA, developer tools, and security protocols contributed to this data leak, and now it has come back to haunt the company. In any case, as more people find out about what occurred, we hope Facebook's tune will change, so stay tuned to HotHardware for updates.