Facebook is expecting more scraping incidents like a security breach that saw data from some 533 million users exposed, a leaked internal memo has revealed.
The email was intended for Facebook’s PR staff in Europe, the Middle East and Africa, but was accidentally sent to journalists at the Belgian publication Data News on April 8.
Rather than exclusively focusing on the security problem, the social media firm is planning to spin future leaks as a ‘sector problem’ so as to ‘normalise’ the issue.
The leak, involving data on users from across 106 countries, occurred back in 2019, but the trove of personal information was only freely published this year.
Before being posted on a hacker forum, however, the database was sold and resold privately by various cybercriminals who likely took advantage of the information.
Among the users whose data was publicly leaked were Facebook CEO Mark Zuckerberg and platform co-founders Chris Hughes and Dustin Moskovitz.
Zuckerberg’s name, location and marriage information, date of birth and Facebook user ID were among the trove of stolen personal data.
In response to the memo’s leak, a Facebook company spokesperson told MailOnline: ‘We are committed to continuing to educate users about data scraping.
‘We understand people’s concerns, which is why we continue to strengthen our systems to make scraping from Facebook without our permission more difficult and go after the people behind it.
‘That’s why we devote substantial resources to combat it and will continue to build out our capabilities to help stay ahead of this challenge.’
The internal memo published by Data News reveals Facebook’s intended public relations strategy for dealing with similar breaches in the future.
‘In the long term we expect more scraping incidents and it is important to frame this as a sector problem and normalize that this happens regularly,’ the email read.
‘To do this, the team proposes a follow-up post in the coming weeks that talks more broadly about our anti-scraping work and provides more transparency around the work we do here.
‘This may reflect much of the scraping activity, we hope this helps normalize the fact that this is ongoing and avoid the criticism that we are not transparent about specific incidents.’
The email also revealed that Facebook plans to not make any further comments on the leak as long as media coverage of the incident continues to dwindle.
Data News said that they were sent the memo accidentally after reaching out to Facebook for more information concerning the data breach.
Facebook told MailOnline earlier this month that the leaked data ‘was previously reported on in 2019. We found and fixed this issue in August 2019.’
However, Data News noted, Facebook was warned of the issue by ethical hacker Inti De Ceukelaire back in 2017, and failed to address the security flaw at that time.
It is thought that hackers acquired the information by taking advantage of a Facebook feature which, by default, allowed you to look up a person’s profile using their email address or phone number.
According to Mr De Ceukelaire, it was possible to import up to ten thousand contacts into the platform at the time — allowing for comprehensive ‘brute force’ attacks trialling random numbers to see which had a profile attached.
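One way a platform could cap and flag the bulk contact-import lookups described above. This is an added example, not code from the article or from Facebook; the class name, thresholds and the reciprocity signal are assumptions, and the sample numbers and account names are constructed.

```python
from collections import defaultdict

# All thresholds are assumptions for this sketch, not Facebook's values.
WINDOW = 24 * 3600        # seconds over which distinct lookups are counted
MAX_DISTINCT = 500        # distinct numbers one account may resolve per window
MIN_BATCH = 50            # only score reciprocity on batches at least this large
MIN_RECIPROCAL = 0.05     # expected share of contacts who also list the importer

class ContactImportMonitor:
    def __init__(self, listed_by):
        # listed_by: phone number -> set of accounts its owner has in their own contacts
        self.listed_by = listed_by
        self.seen = defaultdict(dict)   # account -> {number: time first resolved}

    def check(self, account, now, numbers):
        """Return (numbers that may be resolved to profiles, list of alert reasons)."""
        seen = self.seen[account]
        for n in [n for n, t in seen.items() if now - t >= WINDOW]:
            del seen[n]                 # drop lookups that aged out of the window
        batch = list(dict.fromkeys(numbers))   # de-duplicate, keep order
        allowed, reasons = [], []
        for n in batch:
            if n not in seen:
                if len(seen) >= MAX_DISTINCT:
                    continue            # over budget: do not resolve this number
                seen[n] = now
            allowed.append(n)
        if len(allowed) < len(batch):
            reasons.append("distinct-number budget exceeded")
        mutual = sum(account in self.listed_by.get(n, ()) for n in batch)
        if len(batch) >= MIN_BATCH and mutual / len(batch) < MIN_RECIPROCAL:
            reasons.append("low reciprocity")
        return allowed, reasons

def demo():
    # Constructed sample data: fictional numbers, hypothetical account names.
    address_book = [f"+1555010{i:04d}" for i in range(60)]
    listed_by = {n: {"alice"} for n in address_book[:30]}
    mon = ContactImportMonitor(listed_by)
    organic = mon.check("alice", 0, address_book)
    bulk = mon.check("bulk", 0, [f"+1555020{i:04d}" for i in range(10_000)])
    next_day = mon.check("bulk", WINDOW, ["+15550300001"])
    return organic, bulk, next_day

if __name__ == "__main__":
    for allowed, reasons in demo():
        print(len(allowed), reasons)
```

The budget limits how many profiles any one account can resolve from phone numbers, while the reciprocity check flags large imports in which almost none of the numbers' owners list the importer in return.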
Facebook’s PR team is not incorrect that scraping is a technique that can be used to extract data from similar social media platforms.
Shortly after the Facebook leak, for example, it came to light that data scraped from 500 million LinkedIn accounts and 1.3 million profiles on the audio-based social platform Clubhouse were also circulating on the internet.
However, the difference between these incidents and the Facebook leak is that the former only involved data that was already publicly available on the platforms.
In Facebook’s case, it was the known-but-unclosed loophole in its systems that allowed data that would otherwise only be shared between ‘friends’ on the site to be made visible to third parties.