JAKARTA - Nearly half a billion Facebook user data was leaked. The leaked database contains phone numbers belonging to Facebook users around the world, including accounts from Indonesia.
Although the number of leaks is quite large, Facebook does not plan to notify its users if their data has been exposed. The reason is that the giant social networking company isn't sure who the users are, who needs to be notified and who doesn't.
"In addition, users can't do anything to improve the data that has been exposed online," as quoted by Reuters on Thursday, April 8.
In a blog post released on Tuesday, April 6, Facebook explained personal data belonging to hundreds of millions of users was taken by irresponsible people through contact import services using 'scraping' techniques. Personal data belonging to hundreds of millions of users is reportedly posted on an amateur hacker forum and can be downloaded for free.
Facebook confirms that a sample of the 533M data is related to a 'contact importers vulnerability' which was fixed in Aug 2019 While there was some reporting of a 'vuln contact importer' in 2019, @Facebook never actually disclosed any details or notified affected users (1/6) pic.twitter.com/7V9L6zeGWJ
— ashkan soltani (@ashk4n) 5 April 2021
Things were very different when Facebook handled the Cambridge Analytica case, a few years ago. At that time Facebook immediately informed its users that their data had been misused. In fact, Facebook displays a notification via a link that appears in the newsfeed and asks users to find out if the data on their Facebook account is misused or not.
Considering the type of information that was successfully compromised by hackers contains important data, such as phone number, location, date of birth, Facebook ID, gender, occupation, national origin, marital status, to e-mail address. Even Mark Zuckerberg's personal phone number was one of the victims of the data leak.
So, instead of apologizing for failing to keep user data safe, Facebook's director of product management Mike Clark started his blog post by making semantic points about how the data was leaked.
"It is important to understand that malicious actors obtained this data not through hacking of our systems but by extracting it from our platforms before September 2019," Clark wrote as quoted by Business Insider.
Old Data Claimed Facebook Is Harmless
On its official website, Facebook assures users that the leaked user data does not contain sensitive information, such as financial statements, health records or account passwords. Even Facebook has patched security loopholes that become the entrance of hackers to steal Facebook data.
So the data leaked in the timeline is nothing more than "old data". Even if a user is concerned about being the victim of a data leak, they can check through the "Have I Been Pwned" site to see if their information such as email or phone number has been exposed to the public.
The European Union's Personal Data Protection Commission (GDPR) has also contacted Facebook regarding recent leaks. It's just that they don't get a satisfactory answer from Facebook on this issue.
They also claim to have 'found' the issue in 2019 - which is a blatant lie. I reported the issue to them in 2017 – they said "we might tweak rate limits in the future" and blamed users for not understanding their kafkaesque privacy settings.https://t.co/0xLpXvbonw pic.twitter.com/57yHrmYViJ
— Inti De Ceukelaire (@intidc) 6 April 2021
A Facebook spokesman declined to comment on what was communicated with EU regulators. The social media giant only directs users not to hand over responsibility to Facebook for protecting their personal data. Where Facebook users themselves are submitted to customize what information they want to share.
"In this case, updating the 'How People Find and Contact You' control can help. We also recommend that people conduct regular privacy checks to ensure that their settings are in the right place, including who can see certain information on their profile and enable two-factor authentication,"
Facebook product management director Mike Clark
So far, Facebook has long been supervised by the U.S. Federal Trade Commission. Even this kind of data breach is most likely covered by strict privacy rules in Europe, known as the General Data Protection Regulation (GDPR).
Considering there have been several cases of misuse of Facebook user data. In 2019, Facebook agreed to pay a fine of 5 billion US dollars or around Rp 70 trillion related to the case of misuse of user personal data by a third party, namely Cambridge Analytica.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)
