Facebook isn’t sorry for letting someone steal personal details of half a billion users

As an apology, it zucks…

Chances are that you’ve heard the story about how the phone numbers and personal data of over half a billion Facebook users have been leaked online.

The details of the 533 million users from 106 countries were scooped up from Facebook via a vulnerability in a feature which was supposed to help you connect with friends on the social network.

Facebook’s initial response to media queries was curt and dismissive:

“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019.”

It was also inaccurate.

The truth is that the data isn’t old. It might have been hoovered off Facebook a while ago, but most people won’t have changed their names, their phone numbers, their sex, their location, since then.

For most people the leaked data is current. It’s still data that could be exploited.

Furthermore, I would argue that data such as an individual’s phone number can be extremely dangerous (for instance, imagine if it fell into the hands of an abusive ex-partner, a celebrity stalker, or a SIM swapper).

Clearly Facebook has now had some second thoughts about its initial “it’s old data, please don’t think it’s news” approach, and is trying again.

In a blog post Facebook describes what it says are “the facts on news reports about Facebook data”.

But here’s the thing.

Nowhere in Facebook’s post will you find the word “sorry.” Nowhere in Facebook’s post will you see an apology.

So I can assume that Facebook isn’t sorry. It doesn’t even say that it’s going to contact the half a billion users who have had their details leaked onto the internet – not because of the users’ own fault, but because of Facebook’s incompetence and lack of care.

Maybe you should bear that in mind when deciding what to do about this and the umpteen other occasions Facebook has betrayed your trust in the past.


If you’re thinking of leaving Facebook, why not listen to this “Smashing Security” podcast we recorded:

Smashing Security #75: 'Quitting Facebook'



Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Facebook isn’t sorry for letting someone steal personal details of half a billion users”

  1. Mark Jacobs

    I am so upset about this, I have terminated any further interactions with my Facebook account aside from game logins. I hope many others join me in the boycott.
