Facebook Does Not Plan To Notify Half-Billion Users Affected by Data Leak

Facebook did not notify the more than 530 million users whose details were obtained through the misuse of a feature before 2019 and recently made public in a database, and does not currently have plans to do so, a company spokesman said on Wednesday. Reuters: Business Insider reported last week that phone numbers and other details from user profiles were available in a public database. Facebook said in a blog post on Tuesday that "malicious actors" had obtained the data prior to September 2019 by "scraping" profiles using a vulnerability in the platform's tool for synching contacts. The Facebook spokesman said the social media company was not confident it had full visibility on which users would need to be notified. He said it also took into account that users could not fix the issue and that the data was publicly available in deciding not to notify users. Facebook has said it plugged the hole after identifying the problem at the time. Further reading: Facebook Says It's Your Fault That Hackers Got Half a Billion User Phone Numbers.

Come on GDPR

[john83]

What use were all those damned cookie notices if you can't rip facebook a new one for this kind of nonsense?

Re:

[Anubis IV]

Since the leak actually happened way back in 2019, the “crime” has been widely reported to pre-date the GDPR, and as such is (sadly) not subject to GDPR enforcement action.

Re:Come on GDPR

[what2123]

This is false. GDPR enforcement was live in May of 2018. At that point it was nearly 3 year of being able to prep for it. The leak happened nearly a year after full enforcement.

Re:

[madkev0]

Indeed, time flies when you're complying fun: https://en.wikipedia.org/wiki/... [wikipedia.org]

Re:

[Anubis IV]

Thanks for the correction! I am VERY happy to have gotten that info wrong, since it means Facebook is on the hook.

If you want to complain personally...

[beepsky]

16506447386, 4, Mark, Zuckerberg, male, Palo Alto, California, Dobbs Ferry, New York, Married:Chan Zuckerberg Initiative, 1/10/2019 12:00:00 AM, 05/14/1984

First number should be his phone

Re:

[MikeDataLink]

6506447386

That number is long abandoned and your irritating some poor woman when you call it.

It's your fault for using Facebuck.

[Fly Swatter]

If you want your data somewhat private, don't go posting it on public facing pages that scrapers can get to - which is all of them that are on the internet.

-Dupity Dupity.

Re:

[schwit1]

What about people who don't have FB account but their PII was on someone's FB account?

Re:

[monkeyxpress]

Yup, I can't believe this thing survives. It's like the zombie of dotcom that just won't die.

I gave up on FB around four years ago, and get by perfectly well without it. My wife still uses it but she has noticed that people are not that open about sharing anymore, and most of it is pretty boring mundane things. She never posts any more. Also, ads. There is a ridiculous amount of advertising on her feed. If she wants to connect with anyone she uses a messenger app.

I just can't understand how Zuckerburg keeps

Re:It's your fault for using Facebuck.

[classiclantern]

What are you talking about? I didn't give Facebook my name, birth date, phone number, IP address, photo, or any useful data whatsoever. I'm reasonably sure Facebook has a file on me gathered from third party sources (idiot friends). I can't delete it because I don't have a Facebook account. I've tried. I can't delete my Facebook file without giving Facebook identifying information, which I won't do. My only hope, and desire is when corrupt politicians force Facebook to delete ALL the collected data of non-subscribers. As long as Zuck has money to bribe these jerks the public will be targets for every scammer on the planet. No big deal. Go back to watching YouTube videos of cats.

facebook better do something

[renegade600]

If they don't do anything to notify users, there could be another class action lawsuit against them, especially since they are just now reporting this. They are the ones who made it easy to scrape data. Maybe they they got paid to allowed this to happen.

no PII = no disclosure

[sdinfoserv]

PII or "personally identifiable information" is what triggers legal notification of a breach in most states. If this data “leak” does not include name + SSN, drivers license or state ID, or financial account information there are no laws requiring disclosure.
https://www.ncsl.org/research/... [ncsl.org]

Re:no PII = no disclosure

[what2123]

Good thing if you're in the EU as GDPR covers PI and it's much more broad than the US definition of PII.

Re:

[timeOday]

But this is just phonebook data.

Re:

[what2123]

I dont think GDPR cares as long as it's in a visible state online. Not sure how phone books are in the EU but since that's typically physical.media GDPR wouldnt apply except back to the company that originally processed and controlled that data assuming on computer somewhere. PI =!= PII

Re:

[Cybertect]

GDPR applies to all data stored and processed by businesses, not just data held on computers.

The law was designed to be 'technologically neutral' to prevent it becoming outdated by changes in technology.

Re: no PII = no disclosure

[IdanceNmyCar]

And you have a right to be unlisted. Likewise it's phone book data from a company whose job is not phone books, so it's a reasonable expectation that they would not disclose it as such.

Article about checking pwned

[wfgilreath]

Here's an article about resources to check if you are exposed... https://www.theverge.com/22367... [theverge.com]

Facebook is a data leak by definition

[Midnight Thunder]

Iâ(TM)d argue that Facebook and privacy are the opposite ends of the spectrum. Having data leaked simply means Facebook shared your data with yet another party.

Facebook wonâ(TM)t do anything to make users aware of leaks or privacy issues unless law or App Store rules require them to do so. Though, they will put up a fight first.