Readers like you keep news free for everyone.

More than 5,000 readers have already pitched in to keep free access to The Journal.

For the price of one cup of coffee each week you can help keep paywalls away.

Support us today
Not now

Data watchdog awaiting 'firm answers' from Facebook over information leak

The dataset leaked online included phone numbers and email addresses from Facebook users.

Image: Shutterstock/Jirapong Manustrong

THE DATA PROTECTION Commission (DPC) is awaiting further information from Facebook about a data leak impacting 533 million people, many of whom are in the EU.

The data was taken from Facebook by a third party a number of years ago and republished in an unsecure database at the weekend.

It contained records from millions of Facebook users, including phone numbers and email addresses.

Facebook said that this data was scraped from its website a couple of years ago through the manipulation of a feature that has since been changed. 

Scraping refers to the harvesting of information from websites. 

The deputy data protection commissioner Graham Doyle said the dataset published over the weekend “seems to comprise” data from 2018 along with “additional records, which may be from a later period”. 

In May 2018, the General Data Protection Regulation (GDPR) took effect in the EU. This regulation imposes fines on those who breach its data privacy and security standards.

“Because the scraping took place prior to GDPR, Facebook chose not to notify this as a personal data breach under GDPR,” Doyle said in a statement. 

Doyle said the DPC “received no proactive communications from Facebook” about this latest publication of data over the weekend. 

The DPC said Facebook has assured that this issue “requires extensive investigation” and will be given high priority in order to provide “firm answers”. 

“A percentage of the records released on the hacker website contain phone numbers and email address of users,” Doyle said.

“Risks arise for users who may be spammed for marketing purposes but equally users need to be vigilant in relation to any services they use that require authentication using a person’s phone number or email address in case third parties are attempting to gain access.”

Making a difference

A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article.

Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

For the price of one cup of coffee each week you can make sure we can keep reliable, meaningful news open to everyone regardless of their ability to pay.

The issue arose after a third party used Facebook’s contact importer feature, which allowed users to find friends on Facebook using their contact lists, to harvest personal data from users. 

Facebook changed this feature in 2019 after it became aware it was being abused. 

This issue was reported in 2019 after a similar database of information was briefly made publicly available through a third-party server. 

A Facebook company spokesperson said today: “This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019.”

Read next:


This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
write a comment

    Leave a commentcancel