Facebook has no intention to notify the more than 530 million users whose details were hacked and posted online, the social media giant has said.
Facebook said in a blog post on Tuesday that ‘malicious actors’ had obtained the data prior to September 2019 by ‘scraping’ profiles using a vulnerability in the platform’s tool for synching contacts.
Among the victims were CEO Mark Zuckerberg, whose cell phone number was among the leaked personal data posted online by hackers.
A Facebook spokesman told Reuters the social media company was not confident it knew which users had been hacked and would need to be notified.
The spokesman said it also took into account that users could not fix the issue and that the data was publicly available in deciding not to notify users. Facebook has said it plugged the hole after identifying the problem at the time.
The scraped information did not include financial information, health information or passwords, Facebook said.
However, the collated data could provide valuable information for hacks or other abuses.
Computer servers that store users’ photos and other data are seen at the Facebook site in Prineville Oregon in a file photo. The social media giant is not planning to inform the more than 500 million users whose details were hacked
Phone numbers linked to more than 400 million Facebook accounts were posted online by hackers
Facebook CEO Mark Zuckerberg’s cell phone number is among the leaked personal data from 553 million users of the site posted online by hackers
Facebook co-founders Dustin Moskovitz, left, and Chris Hughes (right) also had similar personal details included in the leaked data
Last week, Facebook’s co-founder and president Zuckerberg was among the more than half billion to have had their data published on a hacker forum.
The the trove of stolen personal data included his location and marriage information, date of birth and Facebook user ID.
Facebook, which has long been under scrutiny over how it handles user privacy, in 2019 reached a landmark settlement with the U.S. Federal Trade Commission over its investigation into allegations the company misused user data.
Ireland’s Data Protection Commission, the European Union’s lead regulator for Facebook, said on Tuesday it had contacted the company about the data leak. It said it received ‘no proactive communication from Facebook’ but was now in contact.
The July 2019 FTC settlement requires Facebook to report details about unauthorized access to data on 500 or more users within 30 days of confirming an incident.
The Facebook spokesman declined to comment on the company’s conversations with regulators but said it was in contact to answer their questions.
FACEBOOK’S PRIVACY DISASTERS
April 2020: Facebook hackers leaked phone numbers and personal data from 553 million users online.
July 2019: Facebook data scandal: Social network is fined $5billion over ‘inappropriate’ sharing of users’ personal information
March 2019: Facebook CEO Mark Zuckerberg promised to rebuild based on six ‘privacy-focused’ principles:
- Private interactions
- Encryption
- Reducing permanence
- Safety
- Interoperability
- Secure data storage
Zuckerberg promised end-to-end encryption for all of its messaging services, which will be combined in a way that allows users to communicate across WhatsApp, Instagram Direct, and Facebook Messenger.
December 2018: Facebook comes under fire after a bombshell report discovered the firm allowed over 150 companies, including Netflix, Spotify and Bing, to access unprecedented amounts of user data, such as private messages.
Some of these ‘partners’ had the ability to read, write, and delete Facebook users’ private messages and to see all participants on a thread.
It also allowed Microsoft’s search engine, known as Bing, to see the name of all Facebook users’ friends without their consent.
Amazon was allowed to obtain users’ names and contact information through their friends, and Yahoo could view streams of friends’ posts.
September 2018: Facebook disclosed that it had been hit by its worst ever data breach, affecting 50 million users – including those of Zuckerberg and COO Sheryl Sandberg.
Attackers exploited the site’s ‘View As’ feature, which lets people see what their profiles look like to other users.
Facebook (file image) made headlines in March 2018 after the data of 87 million users was improperly accessed by Cambridge Analytica, a political consultancy
The unknown attackers took advantage of a feature in the code called ‘Access Tokens,’ to take over people’s accounts, potentially giving hackers access to private messages, photos and posts – although Facebook said there was no evidence that had been done.
The hackers also tried to harvest people’s private information, including name, sex and hometown, from Facebook’s systems.
Zuckerberg assured users that passwords and credit card information was not accessed.
As a result of the breach, the firm logged roughly 90 million people out of their accounts as a security measure.
March 2018: Facebook made headlines after the data of 87 million users was improperly accessed by Cambridge Analytica, a political consultancy.
The disclosure has prompted government inquiries into the company’s privacy practices across the world, and fueled a ‘#deleteFacebook’ movement among consumers.
Communications firm Cambridge Analytica had offices in London, New York, Washington, as well as Brazil and Malaysia.
The company boasts it can ‘find your voters and move them to action’ through data-driven campaigns and a team that includes data scientists and behavioural psychologists.
‘Within the United States alone, we have played a pivotal role in winning presidential races as well as congressional and state elections,’ with data on more than 230 million American voters, Cambridge Analytica claimed on its website.
The company profited from a feature that meant apps could ask for permission to access your own data as well as the data of all your Facebook friends.
The data firm suspended its chief executive, Alexander Nix (pictured), after recordings emerged of him making a series of controversial claims, including boasts that Cambridge Analytica had a pivotal role in the election of Donald Trump
This meant the company was able to mine the information of 87 million Facebook users even though just 270,000 people gave them permission to do so.
This was designed to help them create software that can predict and influence voters’ choices at the ballot box.
The data firm suspended its chief executive, Alexander Nix, after recordings emerged of him making a series of controversial claims, including boasts that Cambridge Analytica had a pivotal role in the election of Donald Trump.
This information is said to have been used to help the Brexit campaign in the UK.
