Facebook Says It's Your Fault That Hackers Got Half a Billion User Phone Numbers (vice.com) 65
A database containing the phone numbers of more than half a billion Facebook users is being freely traded online, and Facebook is trying to pin the blame on everyone but themselves. From a report: A blog post titled "The Facts on News Reports About Facebook Data," published Tuesday evening, is designed to silence the growing criticism the company is facing for failing to protect the phone numbers and other personal information of 533 million users after a database containing that information was shared for free in low level hacking forums over the weekend, as first reported by Business Insider. Facebook initially dismissed the reports as irrelevant, claiming the data was leaked years ago and so the fact it had all been collected into one uber database containing one in every 15 people on the planet -- and was now being given away for free -- didn't really matter.
So instead of apologizing for failing to keep users' data secure, Facebook's product management director Mike Clark began his blog post by making a semantic point about how the data was leaked. "It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019," Clark wrote. This is the identical excuse given in 2018, when it was revealed that Facebook had given Cambridge Analytica the data of 87 million users without their permission, for use in political ads. Clark goes on to explain that the people who collected this data -- sorry, "scraped" this data -- did so by using a feature designed to help new users find their friends on the platform.
So instead of apologizing for failing to keep users' data secure, Facebook's product management director Mike Clark began his blog post by making a semantic point about how the data was leaked. "It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019," Clark wrote. This is the identical excuse given in 2018, when it was revealed that Facebook had given Cambridge Analytica the data of 87 million users without their permission, for use in political ads. Clark goes on to explain that the people who collected this data -- sorry, "scraped" this data -- did so by using a feature designed to help new users find their friends on the platform.
Re: (Score:1)
Oh hi Mark Z, I haven't seen you post on slashdot in a while.
Re:Here's why it doesn't matter (Score:5, Insightful)
Sounds to me as if Facebook's "excuse" makes them look even worse.
"malicious actors obtained this data not through hacking our systems, because they didn't have to hack anything, we left it lying out in the open on our platform".
Re: Here's why it doesn't matter (Score:2)
Hard to look worse.
Actually this works (Score:4, Interesting)
If you're a mega corporation and your product has negative consequences it's remarkably easy and cheap to use mass media to convince the public that the problems aren't systemic but because there's not enough "personal responsibility".
So you spend a few million on ads (FB doesn't even need to do that, given the reach of their media) and you're all set. "Personal Responsibility" passes the Truthiness Test. It feels right because people want to feel they're in control of their lives and not at the mercy of systems like Facebook.
They're not wrong... (Score:5, Interesting)
Hear me out, it really isn't, if you think about it:
1) It's not Facebook's fault you voluntarily signed up and created an account on their platform
2) It's not Facebook's fault you didn't spend 5-10 minutes going over the privacy settings and limited access
3) It's not Facebook's fault the average user is an idiot that doesn't bother to read the ToS where they basically say "Yah, this is free, but we can do whatever we want with what you share openly, unless you tell us not to".
It's honestly getting tiresome to read stories about 'hackers', when what really happened is someone took the time to scrape the publicly available data freely given by the users. At what point do we stop coddling the average end-user stupidity and just plainly state "Yah, it's out there, but it's your fault because you were a dumbass.".
Re: (Score:2)
True. Scraping the Web for what is out there, for the asking, is never the fault of the grabber, who isn't a 'hacker' by common definition.
It's a security lapse, and only FB to blame. Funny, at work, we have three network and data security teams; One internal, we control access and do not trust anyone; One external, of course we keep the rats out; And one, testing and challenging the other two, always. So far we've been fairly successful, so far as I can tell. But that third team should be at FB et al, cons
Re: (Score:2)
Re:They're not wrong... (Score:5, Interesting)
True.. and yet, its their fault for even collecting this information in the first place.. If the data wasn't there, then there would be so little reason to "scrape" facebook.. So while the users are to blame for USING facebook (something no sane person should).. Its facebook's fault for collecting information that should not be there.. the only thing that should be REQUIRED is an email address (For validation and feedback), a username and an password of some sort.. EVERYTHING else should NOT be collected.
Banks have to collect some information simply because of the moronic laws we have.. So when they get hacked.. well.. its bad.. but something like facebook.. (which by all rights should not even exist).. I mean seriously???
Re: (Score:2)
Collecting and exposing contact data to the right people was actually the original purpose of Facebook.
I would love a straightforward reliable service that allows my friends to securely update and expose their address info, contact info, etc. without me having to manage that in my own contacts list. Facebook has obviously become something different entirely, but technically that original purpose is still there.
Re: (Score:2)
You didn't have to pay the Mob "Protection" money. So it is your fault if "something would happen" to your home/business if you didn't pay up.
If you did pay "Protection" money, and something happened, the Mob isn't going to take responsibility, because you can't prove it was from them anyways.
Re: (Score:2)
Well it may be more the case of the following.
That cute Girl asks you to FB Message her.
Your friends/family had organized a party, and you were left out, because you weren't on Facebook.
You want to order take out and that restaurant only has their menu on Facebook.
While you don't have to join, you put yourself in a social disadvantage if you do.
Re:They're not wrong... (Score:4, Informative)
You're assuming Facebook tracking is limited to Facebook users. It's not. Facebook tracks non-subscribers who visit third party sites that use Facebook services too.
Fool me 287 times... (Score:2)
You know what they say, "Fool me 286 times, shame on you. Fool me 287 times, shame on me." Anyone who still has any information on Facebook that they don't consider public knowledge deserves what they get. Time to switch to an ad-free alternative like MeWe [mewe.com].
Re: (Score:3)
You used to be able to search for phone numbers on facebook, and it would return the person who had that number, even if they chose to hide their phone number in the privacy options.
Re: (Score:2)
Why did anyone ever give Facebook a phone number? It's not required in order to use the service.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I use FB for exactly one special interest car group.
When you log in, it tells you to secure your account by adding your phone number. Every. Single. Time.
Re: (Score:2)
Opting out of bad security defaults should not be required.
Re: (Score:2)
I had a Facebook account shortly after they started up. After a half-dozen or so times of them unilaterally and without warning changing my previously-selected privacy settings to permit additional data sharing, I called it quits. That bad behavior of them modifying users’ privacy settings without consent or warning continued for a few more years after I left. Didn’t matter what setting the user had set, Facebook would suddenly opt them in to sharing that data.
A few years after I left, it finall
Re: (Score:2)
My privacy settings on Facebook are all carefully set and periodically reviewed. My phone number is not visible to the public and never has been. So when I see that it is included in the database, it makes me wonder, if the data was only from publicly available information scraped from FB, how did they get my phone number?
Re: (Score:2)
It's not Facebook's fault people got confused when they asked should we not not not not not not share your data? And in small grey print on a separate page: you did want to make an exception for our affiliates (by which we mean anyone who gives us a dollar), right?, and finally you should have seen the bit in 2 pt. font on page 37 that said "Oops, we had our toes crossed".
Re: (Score:1)
i will inform my grandma that she's been a naughty negligent girl and she needs an urgent crash course in social engineering at Mitnick industries
Jenny (Score:1)
So now hackers have Jenny's number (867-5309) too? Hardly a big deal. I got her name and number off the (bathroom) wall.
Re:Jenny (Score:4, Funny)
So now hackers have Jenny's number (867-5309) too?
...and the good thing is that if Rikki does lose that number, but has a change of heart... she can find it there in the Facebook dump!
Re: (Score:2)
If you try to walk, they'll tax your feet.
Like we can win this so easily.
Re: (Score:2)
Mistakes were made, apparently Lessons NOT Learned (Score:2)
If you use social media, it's partly your responsibility to "keep your data safe" or just not provide it.
That being said, there is a pretty high level of responsibility for the platform provider. Especially if the data you provide to them is "required" for participation on their platform.
Let the Class Action lawsuits commence. Please don't forget about the poor lawyers who need every last percent of any court awards. /s
Do they have my phone number? (Score:4, Insightful)
I have never explicitly given my phone number to FB, even though they keep asking for it in order to help protect my FB account.
But given that FB likes to create shadow profiles of non-FB users, is it also likely that they have already have my phone number associated with my FB account because they like to play connect the dots?
Re:Do they have my phone number? (Score:5, Insightful)
I have never explicitly given my phone number to FB, even though they keep asking for it in order to help protect my FB account.
But given that FB likes to create shadow profiles of non-FB users, is it also likely that they have already have my phone number associated with my FB account because they like to play connect the dots?
They probably have your phone number. All you need is one idiot that has your phone number in their contacts and you're screwed, because Facebook asked them for access to that, and you know they clicked "Ok".
Re: (Score:2)
Exactly. I've never had a Facebook account, but I sat and thought about what they had in my dossier anyway.
They certainly have my name, address, phone number from all my family members who gave them access to their contacts.
They certainly know all my familial relations for the same reason.
They have my picture, because of the family sharing photos annotated with names
They know a lot about me from the website tracking they do (my wife complains when I block Facebook domains at the router, because, you know,
Re: (Score:2)
And I thought that getting on board Musk's first starship going to Mars wouldn't be a bad idea.
Lol, I've been thinking that as well. I doubt he'd need a broke, middle aged, overweight dude on Mars though.
Re: (Score:1)
It's often the case companies invent reasons to collect as much personal info as possible. There is often half-truths behind their reasons, but a large quantity of half-truths should add up to a full-ass lie in court.
It is our fault (Score:5, Insightful)
He is right in one way: it is our fault for giving this company information. Facebook's business model is around gathering personal information and selling it to advertisers, political groups, and anyone who will pay for it. Are people really going "OMG! The company that made an app that takes my information and sells it, took my information and sold it!" Heck, the CEO of this company told us that the expectation of privacy is no longer a social norm. [theguardian.com] Facebook's app lied about the API version it used to trick Android into letting it access people's contact information [androidpolice.com].
This is a case of "I never thought leopards would eat MY face," sobs woman who voted for the Leopards Eating People's Faces Party.
Slashdot does not require my real name, my phone number, my gmail account, or an app installed on my phone. I trust Slashdot will not not leak my data -- not because they are good people who I trust -- but because I didn't give it to them.
Re: (Score:2)
"OMG! The company that made an app that takes my information and sells it, took my information and sold it!"
I agree with you, but technically FaceBook didn't sell it this time. ;-) This time someone "stole" it from FaceBook. I put that word in quotes because I'm not sure which gray area of the law it may fall into, how gray it is, etc. I imagine the "hackers" needed to create FaceBook accounts, and then wrote scripts using those accounts to scrape as much data as possible using those accounts, which almost
Re: (Score:2, Interesting)
lest we forget that Facebook was not created with a business model "around gathering personal information and selling it to advertisers, political groups, and anyone who will pay for it" - it started basically as a dating website for college kids AND THEN made moves to do what you said after it had already established popularity and dominance in the space. and it is important to remember that dirty move they made.
Re: (Score:2)
No, it was not a business at first. However, Facebook was created to get users to give it as mu
Re: (Score:2)
. Facebook's business model is around gathering personal information and selling it to advertisers, political groups, and anyone who will pay for it.
Facebook, like Google, generally don't want to sell that information. They would like to sell advertising based on that information but never let anyone see it. It's too valuable.
gaslighting (Score:2)
Facebook is simply managing inventory. They have no customer base, except for advertisers.
You cannot expect them to treat you like a human being, and offer the most basic courtesy of not peeing in your Coke and telling you it's lemonade.
Re: (Score:2)
Yes, but you need to remember that we are the people who buy or don't buy the stuff in the ads, so the money does ultimately come from us.
Re: (Score:2)
Or, Facebook's advertising is utterly ineffective and the money comes from people who found the product by other means. Without access to accurate analytics data you can't really be sure.
They didn't have my # (Score:2)
or at least I never gave them my phone number. I never to unless I have to, and I always ignore the reminders to give them my #.
FecesBook (Score:2)
Trying to smear everyone else for their crap behavior.
It's not our fault because... (Score:2)
we didn't even *try* to protect your data.
So Facebook is apparently admitting... (Score:2)
Well, sort of... (Score:2)
It's our fault for giving the Facebook our phone numbers in the first place. I didn't. STBY, Facebook.
What if your bank told you that your money was.. (Score:2)
Instead, the robbers violated the terms of service and removed your money from the table in the front lobby.
Re: (Score:2)
well that would be a completely different situation and i don't think your analogy is meaningful in anyway.
Re: What if your bank told you that your money was (Score:2)
Facebook is at fault (Score:1)
They claim they are secure.
That claim has been shown to be false.
They blame the users for using their (not so secure) system.
In other words they are trying to absolve their liability.
classic "Blame the victim" (Score:2)
You would think that after all these years companies, and people, would have learned that saying that the victim is a fault for giving their information to a company, coming to a complete stop at a stop sign, wearing a short skirt, etc. is not going to do anything but piss off people.
If Facebook had just admitted they messed up, alerted those effected and apologized it would have blown over fairly quietly, probably just a couple of law suits to settle for pocket change at worst, but most people would never
You want to know (Score:1)
Re: (Score:1)
s/Facebook/Hackers/g (Score:2)
So now that hackers have my phone number, what are they going to do with it? Give me a call? Sell it? How is this any different from what Facebook has already done in the past?
They're right. you're Dumb F****"s (Score:2)
https://www.esquire.com/uk/lat... [esquire.com]
But really, how many hacks, breaches, pwnd accounts, security fails does it take you to stop mindlessly throwing your personal info online? at this point, nobody has any simpathy for you...
Re: They're right. you're Dumb F****"s (Score:1)
Semantics (Score:2)
Not because they hacked into Facebook, but because Facebook deliberately decided to publish all that data freely on the internet for everyone to collect, apparently without really telling you they would do that.
So Facebook wasn't hacked and it wasn't their fault because it was a feature not a bug.
Stupid People Who Aren’t Me Are Underserving (Score:2)
I’m not all that smart (yeah, I know, newsflash). Maybe in the top 30% but nowhere near the top 10%. I’m a software developer so statistically I’m near the top third or so, but that one skill is where my mental horsepower ends. I don’t creat new algorithms, I mostly use known ones. Despite not being of elite cognition, I, like you, don’t use Facebook for the reasons you all have discussed. But does that mean those of lower intellect deserve no empathy?
So you’re all sma