Facebook Says Leak of 533 Million Users’ Data Wasn’t a Hack. Does it Matter?

Facebook Inc. highlighted a point in response to recent reports of data leaked from some 533 million users: The incident was not a hack.

Instead, the tech company said the names, phone numbers and other information circulating online are related to a massive scrape of public profiles that Facebook discovered and stopped in 2019.

Legal and privacy experts say this nuance could be crucial to avoiding triggering a web of state laws that require companies to report data breaches to regulators and the public. However, some argue that this distinction makes little difference to users, as hackers can exploit these data sets to combine previously disparate information for future attacks.

Facebook discloses information that would not otherwise be public, namely the link between a user and their phone number, said Ashkan Soltani, former chief technologist of the Federal Trade Commission.

During a virtual meeting on Twitter Spaces on Wednesday, Soltani warned that the information could help attackers launch phishing campaigns or hack victims’ accounts on other apps where phone numbers are used for authentication.

Facebook has not notified users of the incident and does not intend to do so because it cannot determine with certainty which users should be notified, the spokesperson said. He added that the company takes into account the sensitivity of the information when making such decisions, noting that users themselves include the data in question in their public profiles.

According to privacy and cybersecurity experts, hackers can cross-reference these files, which do not necessarily contain sensitive information, to refine their attacks. Researchers for Microsoft Corporation's email programs, for example, look to see if attackers have captured email addresses in a previous data theft, or if information has been taken in bulk from social media accounts.

Such automated collection of public information violates the terms of service of many companies, said Dominique Shelton Leipzig, co-chair of the notification, privacy and data management working group at law firm Perkins Coie LLP.

In the United States, there is no federal standard for when companies must disclose breaches. The various security breach notification laws in the states generally cover incidents defined by unauthorized access or identity theft, she said.

The phone number itself is not personal information under breach notification laws, as far as I know, said Shelton Leipzig, whose office represents Facebook but is not working on this incident.

Facebook, which has been critical in the past of researchers and app developers pulling information from its platform, said the latest leak came from a malicious party that reverse-engineered a tool used to connect users to their mobile contacts, and not from a hack of its platform.

Mike Clark, director of product management for Facebook, wrote in a blog post Tuesday that the actor used software to load a large number of phone numbers into the tool to find matching profiles. Clark said the actor then went through the accounts and collected the available information.

It is important to understand that the attackers did not obtain this data by breaking into our systems, but by removing it from our platform before September 2019, Clark said, adding that the affected data did not include financial information, medical records or passwords.

The free release of the full data set on a hacker forum, as the news site Insider reported Saturday, is the latest in a series of privacy incidents for the tech company.

In 2019, the FTC voted to impose a historic $5 billion fine on Facebook for alleged privacy violations. In previous public statements about a major incident, the misuse of user data by Cambridge Analytica, a data company close to Donald Trump, Facebook also stressed that the incident was not a breach of its systems.

Regardless of the labels, says Justin Brookman, director of privacy and technical policy at consumer protection group Consumer Reports, Facebook should have notified users of the incident in 2019 so they could have taken precautions.

Given their history and leadership, he said, it is not at all surprising that they made this decision: not to inform users.

Email David Uberti at [email protected].

Copyright ©2020 Dow Jones & Company, Inc. All rights reserved.