Facebook does not plan to inform any of its users if they were affected by the massive data breach that affected over half a billion people. While the breach occurred in 2019, it was only revealed in the last week. Additionally, the company is blaming its users for not securing their data better.
A company spokesperson told Reuters that the company has not notified any of the users affected by the data breach and does not plan to do so, saying that the social media company was not confident that it had full visibility on which users would need to be notified. The company reasoned that since users themselves could not fix the issue and the data was publicly available at the time of the massive scrape, it need not inform anyone.
While the information that was stolen did not contain financial or health information nor did it contain passwords, it did contain names and phone numbers that can be used by scammers to prey on potential victims.
In its initial response to the story broken by Insider, Facebook dismissed the breach as irrelevant, even though it means one in every 15 people on the planet now has personal data being given away, on the grounds that it happened in 2019 and that the company says it fixed the vulnerability back then.
According to Vice, Facebook was actually informed of this particular vulnerability in 2017 but chose to do nothing about it until after the scrape.
They also claim to have 'found' the issue in 2019 – which is a blatant lie. I reported the issue to them in 2017 – they said "we might tweak rate limits in the future" and blamed users for not understanding their kafkaesque privacy settings. https://t.co/0xLpXvbonw pic.twitter.com/57yHrmYViJ
— Inti De Ceukelaire (@intidc) April 6, 2021
Instead of taking responsibility for how the massive company handles its customers’ data and apologizing, Facebook instead decided to spin a different narrative: securing data is actually not its responsibility, it’s yours.
In a blog post about the breach, Facebook’s Product Management Director Mike Clark first drew a semantic distinction between scraping badly secured data and actually hacking Facebook’s servers, before going one step further by saying its users should take more steps to secure their data on its platform.
“While we addressed the issue identified in 2019, it’s always good for everyone to make sure that their settings align with what they want to be sharing publicly,” Clark writes.
What’s more, some users who deleted their accounts long before 2018 have actually seen their numbers show up in the stolen database.
My #Facebook account is closed and removed since 2015 but my phone number is part of a data breach fixed in 2019.
— Pierre Abi-aad (@abiaad) April 6, 2021
Facebook said that it is the responsibility of its users to protect their own data, but if deleting an account entirely — theoretically the best way to prevent it from being stolen — doesn’t seem to work, some question how it is possible to actually secure data while still being on the platform even if it was the responsibility of the users to do so.
These questions link up rather well with a recent request from United States lawmakers who want to know how Facebook plans to approach its rumored Instagram for children app.
“Facebook has a record of failing to protect children’s privacy and safety, casting serious doubt on its ability to do so on a version of Instagram that is marketed to children,” the lawmakers said in a letter.
Some might ask how Facebook intends to protect the privacy of children, who will not be as likely to take personal information as seriously as adults, when the company seems to not think that providing such protection is its responsibility.