Chances are that you’ve heard the story about how the phone numbers and personal data of over half a billion Facebook users have been leaked online.
The details of the 533 million users from 106 countries were scooped up from Facebook via a vulnerability in a feature which was supposed to help you connect with friends on the social network.
Facebook’s initial response to media queries was curt and dismissive:
“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019.”
It was also inaccurate.
The truth is that the data isn’t old. It might have been hoovered off Facebook a while ago, but most people won’t have changed their names, their phone numbers, their sex, their location, since then.
For most people the leaked data is current. It’s still data that could be exploited.
Furthermore, I would argue that data such as an individual’s phone number can be extremely dangerous (for instance, imagine if it fell into the hands of an abusive ex-partner, a celebrity stalker, or a SIM swapper).
Clearly Facebook has now had some second thoughts about its initial “it’s old data, please don’t think it’s news” approach, and is trying again.
In a blog post Facebook describes what it says are “the facts on news reports about Facebook data”.
But here’s the thing.
Nowhere in Facebook’s post will you find the word “sorry.” Nowhere in Facebook’s post will you see an apology.
So I can assume that Facebook isn’t sorry. It doesn’t even say that it’s going to contact the half a billion users who have had their details leaked onto the internet – not because of the users’ own fault, but because of Facebook’s incompetence and lack of care.
Maybe you should bear that in mind when deciding what to do about this and the umpteen other occasions Facebook has betrayed your trust in the past.
If you’re thinking of leaving Facebook, why not listen to this “Smashing Security” podcast we recorded: