Facebook response to data breach ‘cold and defensive’

The social media firm has been criticised for its response to a database of personal information from more than 500 million accounts being published.
Facebook
PA Wire
Martyn Landi7 April 2021

Facebook has defended its security following its latest data security breach, but has been criticised for failing to apologise to users.

In recent days it has emerged that personal data linked to more than 500 million Facebook accounts had been posted freely on a hacking forum, including data from about 11 million UK users.

In response, Facebook said personal data taken from the social network was “scraped” using a now-fixed flaw rather than hacked from their systems.

The database consisted largely of phone numbers but also included some other information such as email address, dates of birth and addresses.

But Facebook has defended itself and its security by saying the information was gathered before September 2019, when the company found, disclosed and fixed the issue used to gather the data.

The social network did not, however, offer any apology for the incident, leading one industry commentator to describe the social media giant’s response as “cold, clinical, defensive and argumentative”.

The firm has been at the centre of a number of data privacy issues and breaches in recent years, including the Cambridge Analytica scandal, and the company’s approach to user-data and privacy has been repeatedly criticised.

This latest incident is now being investigated by data privacy watchdogs, including Ireland’s Data Protection Commission (DPC), which is the social network’s lead regulator in Europe.

This is another example of the ongoing, adversarial relationship technology companies have with fraudsters who intentionally break platform policies to scrape internet services

Mike Clark, Facebook product management director

In a blog post on the incident, the social network’s product management director, Mike Clark, said the database had been built using software that took advantage of a flaw in Facebook’s contact importer tool.

This is a feature which allows people to match phone numbers they already have saved with accounts on Facebook in order to find friends on the platform.

However, Mr Clark said Facebook had already found and fixed the problem.

“Scraping is a common tactic that often relies on automated software to lift public information from the internet that can end up being distributed in online forums like this,” he said.

“The methods used to obtain this data set were previously reported in 2019.

“This is another example of the ongoing, adversarial relationship technology companies have with fraudsters who intentionally break platform policies to scrape internet services.

“As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists.”

Mr Clark added that “scraping data using features meant to help people violates our terms” and that the social network had teams across the company working to detect such behaviour.

For a business that’s all about friendships and connections, Facebook has yet again made more enemies instead

Industry commentator Matt Navarra

Facebook said it was working to get the data set taken down and encouraged users to update the privacy settings around their accounts, including who can see certain information on their profile.

Social media expert and industry commentator Matt Navarra said Facebook’s response failed to show enough empathy to those affected by the breach.

“Facebook’s explanation of it being data scraping, not hacking, is only part of the story here.

“It’s also about the way Facebook communicates. Its tone and demeanour fail to strike the right tone with the victims of the incident,” he told the PA news agency.

“Over 500 million users’ account details are being exploited due to vulnerabilities in Facebook’s systems.

“That’s 500 million users who want Facebook to show some level of empathy, regret, and who want an apology.

“Facebook’s response feels cold, clinical, defensive and argumentative. Almost like it is trying to play down the scale of the incident.

“Starting with ‘we’re sorry’ would have been a good opener.

“For a business that’s all about friendships and connections, Facebook has yet again made more enemies instead.”

Create a FREE account to continue reading

eros

Registration is a free and easy way to support our journalism.

Join our community where you can: comment on stories; sign up to newsletters; enter competitions and access content on our app.

Your email address

Must be at least 6 characters, include an upper and lower case character and a number

You must be at least 18 years old to create an account

* Required fields

Already have an account? SIGN IN

By clicking Create Account you confirm that your data has been entered correctly and you have read and agree to our Terms of use , Cookie policy and Privacy policy .

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in