Facebook will not be notifying those who had their data leaked

It has recently come to light that unauthorised individuals leaked data belonging to 533m Facebook accounts and posted it online.

Despite the circumstances, Facebook is not planning to notify those who were affected.

The leak contains a large amount of sensitive data – the kind that no-one would want floating around the internet.

This includes:

  • Phone numbers
  • Birthdates
  • Locations
  • Full names

Many users feel that Facebook’s response has been unsatisfactory.

According to Reuters, company officials cited two reasons why they have made the decision:

  • It is not entirely clear which users would need to be notified.
  • Those who have been affected would not be able to do anything on their end to remedy the situation.

How have the web-scraping privacy violators got their hands on the data?

As per the official Facebook blog, the authors estimate that the data was scraped at some point before September 2019 via its contact importer.

This is, of course, a violation of the company’s policies.

As Ryan Mac from BuzzFeed News points out, Facebook has not spoken out against Clearview AI, a controversial surveillance company, and it has not filed any lawsuits.

To this date, Facebook has said nothing on record to address the matter, though it claims to have made changes to its contact importer to combat the unauthorised scraping.

Despite the company’s decision not to notify those affected, there is a way to take a proactive approach and find out yourself through HaveIBeenPwned or similar platforms.

Brian Krebs, a cyber security expert, recommends removing any phone numbers from your online accounts wherever possible.

He also advises against using SMS or phone calls for the purposes of two-factor authentication due to it not being as secure as other methods such as security keys.