To be specific: the website holding the confidential details of half a billion Facebook users is more than just a gold mine for telemarketers and phone spammers. A social engineer’s bread and butter is information such as birthdates, marital status, hometowns, and other places resided. Regardless of whether the data was already accessible online, compiling it into a convenient archive and making it available to the public is no small matter.
A security researcher found earlier this week that Facebook had leaked the details of 533 million people. Phone numbers, Facebook IDs, full names, hometowns, places lived, birthdates, email addresses, relationship status, and other personal details were compromised. So this was not a small spill that could be overlooked.
Despite the breach’s severity, Facebook told Reuters that it has no plans to inform affected users. The spokesperson reasoned that the company is not “confident” it could identify which users were affected and that “the data was [already] publicly available.” Additionally, the spokesperson said that the data was “scraped” before September 2019 using a contact-syncing vulnerability that it patched long ago. It is worth noting that Facebook did not notify users at the time of that security concern either.
Just saw this explanation from Facebook about the data leak, which interestingly claims it’s focused on protecting people because “scraping data” is against its terms of service.
— Ryan Mac🙃 (@RMac18) April 7, 2021
As BuzzFeed’s Ryan Mac points out in a tweet (above), Facebook claimed that the 2019 data scraping violates its terms of service, but it has done little to stop Clearview AI from scraping millions of images from Facebook and Instagram. Beyond “demanding” that it stop, Facebook has not pursued more concerted measures to keep the facial recognition firm from scraping its records. Mac says this is due to Clearview’s investment in Facebook board member Peter Thiel.
Despite this, there are ways to verify whether your data was included in the hack without relying on Facebook. The database is freely accessible through torrent pages, and many websites on the internet will conduct searches to determine if your data has ever been leaked. However, be wary of places that request personal information in order to conduct a search. Have I Been Pwned is a reputable data breach search engine. I’ve seen it without incident on a few occasions.
The news of the stolen documents, as well as Facebook’s lack of interest, should come as no surprise. The corporation has a long history of misusing and abusing records. Ironically, 2019—the year in which Facebook claims to have fixed the vulnerability—was also the year in which the company promised a “privacy-focused” future. Given the situation, one has to wonder if it referred to consumer protection or company privacy.
Image credit: mundissima