Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Shutterstock/Jirapong Manustrong
Facebook

Data watchdog awaiting 'firm answers' from Facebook over information leak

The dataset leaked online included phone numbers and email addresses from Facebook users.

THE DATA PROTECTION Commission (DPC) is awaiting further information from Facebook about a data leak impacting 533 million people, many of whom are in the EU.

The data was taken from Facebook by a third party a number of years ago and republished in an unsecure database at the weekend.

It contained records from millions of Facebook users, including phone numbers and email addresses.

Facebook said that this data was scraped from its website a couple of years ago through the manipulation of a feature that has since been changed. 

Scraping refers to the harvesting of information from websites. 

The deputy data protection commissioner Graham Doyle said the dataset published over the weekend “seems to comprise” data from 2018 along with “additional records, which may be from a later period”. 

In May 2018, the General Data Protection Regulation (GDPR) took effect in the EU. This regulation imposes fines on those who breach its data privacy and security standards.

“Because the scraping took place prior to GDPR, Facebook chose not to notify this as a personal data breach under GDPR,” Doyle said in a statement. 

Doyle said the DPC “received no proactive communications from Facebook” about this latest publication of data over the weekend. 

The DPC said Facebook has assured that this issue “requires extensive investigation” and will be given high priority in order to provide “firm answers”. 

“A percentage of the records released on the hacker website contain phone numbers and email address of users,” Doyle said.

“Risks arise for users who may be spammed for marketing purposes but equally users need to be vigilant in relation to any services they use that require authentication using a person’s phone number or email address in case third parties are attempting to gain access.”

The issue arose after a third party used Facebook’s contact importer feature, which allowed users to find friends on Facebook using their contact lists, to harvest personal data from users. 

Facebook changed this feature in 2019 after it became aware it was being abused. 

This issue was reported in 2019 after a similar database of information was briefly made publicly available through a third-party server. 

A Facebook company spokesperson said today: “This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019.”

Your Voice
Readers Comments
17
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel