When the news broke that the personal information of more than 530 million Facebook users, including names, email addresses, and phone numbers, had been made publicly available in an unsecured database, subscribers expected Facebook to react in a reassuring manner. However, Facebook disclosed that it doesn’t plan to notify the users whose data was exposed online. According to reports, the social media platform “cited two reasons as to why it’s not telling users proactively: it says it’s not confident it would know which users would need to be notified and that users wouldn’t be able to do anything about the data being online”.
Facebook believes that the data leak is the result of malicious actors who obtained the data by scraping it from the platform prior to September 2019.
“We believe the data in question was scraped from people’s Facebook profiles by malicious actors using our contact importer prior to September 2019. This feature was designed to help people easily find their friends to connect with on our services using their contact lists,” says Mike Clark, Product Management Director at Facebook.
“When we became aware of how malicious actors were using this feature in 2019, we made changes to the contact importer. In this case, we updated it to prevent malicious actors from using software to imitate our app and upload a large set of phone numbers to see which ones matched Facebook users.”
“Data protection remains a sensitive topic for both people and organisations. In fact, it is the most concerning IT security issue for more than half of organisations globally (59%), according to Kaspersky’s research,” reveals Alexander Moiseev, Chief Business Officer at Kaspersky.
“Last year, every second organisation (46%) experienced data breaches as a result of different cybersecurity incidents. For users, this means we have to be very vigilant. Though we may be accustomed to leaving different information about ourselves on the Internet, we still need to control what we really want to make public and what we don’t. That’s why it is important to understand how our data can be used if it appears in the wrong hands – for phishing, social engineering or account takeovers. And, if this happens, it is important to be prepared and use dedicated protection on our devices.”