Facebook has tried to downplay a data leak that saw information from 533 million people in 106 countries published on a hacking forum.
The huge swathe of data was thought to have been ‘scraped’ from Facebook (where information is pulled from personal profiles en masse), then collated and published online. Whilst much of this information is thought to have already been publicly available on users’ profiles, mobile phone numbers are also thought to have been part of the cache, meaning Facebook could be subject to an investigation on whether it broke GDPR rules.
In light of the EU probe, Facebook sent an internal email calling on staff to downplay the leak and instead begin a narrative about how developments such as these are part of everyday life now – being a case of ‘if’, not ‘when’.
Unfortunately for Facebook, this memo was accidentally sent to Data-News in Belgium. This transpired when Data-News requested more information on Facebook’s attempt to solve the issue of data scraping, amid allegations that it had not sufficiently or correctly answered questions about it, or provided an accurate timeline on when this scrape in question was discovered and resolved.
Facebook’s reply accidentally included the internal memo, which Data-News then published in full.
It revealed how the social network planned to normalise such incidents; to frame them as an industry-wide problem and not something that specifically and uniquely impacts Facebook. It also planned to limit any official comments in the hope that negative press simply dies back down.
The memo went on to explicitly state that data leaks such as these were guaranteed to happen again in future.
Luckily for Facebook, its claims that data scraping is an industry-wide problem came within weeks of similar issues for LinkedIn and Clubhouse, which collectively affected hundreds of millions of users. However, Facebook’s very nature of containing much more personal data has left analysts claiming the two aren’t quite comparable.
Data-News said: “Scraping does occur in more places, but Facebook gave scrapers a lot more personal data, which was not visible to strangers, than other platforms.”
It added that, whilst Facebook knew about the problem back in 2017, it wasn’t until 2019 that any action was taken. “The problem is therefore not that scrapers are targeting Facebook, but that Facebook did nothing to sufficiently counteract the practice, until one day half a billion data was on the street.”