Facebook isn’t sorry for letting someone steal personal details of half a billion users

As an apology, it zucks…

Graham Cluley
@gcluley

Chances are that you’ve heard the story about how the phone numbers and personal data of over half a billion Facebook users have been leaked online.

The details of the 533 million users from 106 countries were scooped up from Facebook via a vulnerability in a feature which was supposed to help you connect with friends on the social network.

Facebook’s initial response to media queries was curt and dismissive:

“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019.”

It was also inaccurate.

The truth is that the data isn’t old. It might have been hoovered off Facebook a while ago, but most people won’t have changed their names, their phone numbers, their sex, their location, since then.

For most people the leaked data is current. It’s still data that could be exploited.

Furthermore, I would argue that data such as an individual’s phone number can be extremely dangerous (for instance, imagine if it fell into the hands of an abusive ex-partner, a celebrity stalker, or a SIM swapper).

Clearly Facebook has now had some second thoughts about its initial “it’s old data, please don’t think it’s news” approach, and is trying again.

In a blog post Facebook describes what it says are “the facts on news reports about Facebook data”.

But here’s the thing.

Nowhere in Facebook’s post will you find the word “sorry.” Nowhere in Facebook’s post will you see an apology.

So I can assume that Facebook isn’t sorry. It doesn’t even say that it’s going to contact the half a billion users who have had their details leaked onto the internet – not because of the users’ own fault, but because of Facebook’s incompetence and lack of care.

Maybe you should bear that in mind when deciding what to do about this and the umpteen other occasions Facebook has betrayed your trust in the past.


If you’re thinking of leaving Facebook, why not listen to this “Smashing Security” podcast we recorded:

Smashing Security #75: 'Quitting Facebook'

https://aphid.fireside.fm/d/1437767933/dd3252a8-95c3-41f8-a8a0-9d5d2f9e0bc6/3e3e8a52-4c1e-45c7-8271-8c13eb312039.mp3


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One comment on “Facebook isn’t sorry for letting someone steal personal details of half a billion users”

  1. I am so upset about this, I have terminated any further interactions with my Facebook account aside from game logins. I hope many others join me in the boycott.
