Facebook response to data breach ‘cold and defensive’

7 April 2021, 10:24

Facebook
Facebook child sexual exploitation content. Picture: PA

The social media firm has been criticised for its response to a database of personal information from more than 500 million accounts being published.

Facebook has defended its security following its latest data security breach, but has been criticised for failing to apologise to users.

In recent days it has emerged that personal data linked to more than 500 million Facebook accounts had been posted freely on a hacking forum, including data from about 11 million UK users.

In response, Facebook said personal data taken from the social network was “scraped” using a now-fixed flaw rather than hacked from their systems.

The database consisted largely of phone numbers but also included some other information such as email address, dates of birth and addresses.

But Facebook has defended itself and its security by saying the information was gathered before September 2019, when the company found, disclosed and fixed the issue used to gather the data.

The social network did not, however, offer any apology for the incident, leading one industry commentator to describe the social media giant’s response as “cold, clinical, defensive and argumentative”.

The firm has been at the centre of a number of data privacy issues and breaches in recent years, including the Cambridge Analytica scandal, and the company’s approach to user-data and privacy has been repeatedly criticised.

This latest incident is now being investigated by data privacy watchdogs, including Ireland’s Data Protection Commission (DPC), which is the social network’s lead regulator in Europe.

In a blog post on the incident, the social network’s product management director, Mike Clark, said the database had been built using software that took advantage of a flaw in Facebook’s contact importer tool.

This is a feature which allows people to match phone numbers they already have saved with accounts on Facebook in order to find friends on the platform.

However, Mr Clark said Facebook had already found and fixed the problem.

“Scraping is a common tactic that often relies on automated software to lift public information from the internet that can end up being distributed in online forums like this,” he said.

“The methods used to obtain this data set were previously reported in 2019.

“This is another example of the ongoing, adversarial relationship technology companies have with fraudsters who intentionally break platform policies to scrape internet services.

“As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists.”

Mr Clark added that “scraping data using features meant to help people violates our terms” and that the social network had teams across the company working to detect such behaviour.

Facebook said it was working to get the data set taken down and encouraged users to update the privacy settings around their accounts, including who can see certain information on their profile.

Social media expert and industry commentator Matt Navarra said Facebook’s response failed to show enough empathy to those affected by the breach.

“Facebook’s explanation of it being data scraping, not hacking, is only part of the story here.

“It’s also about the way Facebook communicates. Its tone and demeanour fail to strike the right tone with the victims of the incident,” he told the PA news agency.

“Over 500 million users’ account details are being exploited due to vulnerabilities in Facebook’s systems.

“That’s 500 million users who want Facebook to show some level of empathy, regret, and who want an apology.

“Facebook’s response feels cold, clinical, defensive and argumentative. Almost like it is trying to play down the scale of the incident.

“Starting with ‘we’re sorry’ would have been a good opener.

“For a business that’s all about friendships and connections, Facebook has yet again made more enemies instead.”

By Press Association

More Technology News

See more More Technology News

Hands on a laptop

Estimated 7m UK adults own cryptoassets, says FCA

A teenager uses his mobile phone to access social media,

Social media users ‘won’t be forced to share personal details after child ban’

Google Antitrust Remedies

US regulators seek to break up Google and force Chrome sale

Jim Chalmers gestures

Australian government rejects Musk’s claim it plans to control internet access

Graphs showing outages across Microsoft

Microsoft outage hits Teams and Outlook users

The Google logon on the screen of a smartphone

Google faces £7 billion legal claim over search engine advertising

A person holds an iphone showing the app for Google chrome search engine

Apple and Google ‘should face investigation over mobile browser duopoly’

UK unveils AI cyber defence lab to combat Russian threats, as minister pledges unwavering support for Ukraine

British spies to ramp up fight against Russian cyber threats with launch of cutting-edge AI research unit

Pat McFadden

UK spies to counter Russian cyber warfare threat with new AI security lab

Openreach van

Upgrade to Openreach ultrafast full fibre broadband ‘could deliver £66bn boost’

Laptop with a virus warning on the screen

Nato countries are in a ‘hidden cyber war’ with Russia, says Liz Kendall

Pat McFadden

Russia prepared to launch cyber attacks on UK, minister to warn

A Google icon on a smartphone

Firms can use AI to help offset Budget tax hikes, says Google UK boss

Icons of social media apps, including Facebook, Instagram, YouTube and WhatsApp, are displayed on a mobile phone screen

Growing social media app vows to shake up ‘toxic’ status quo

Will Guyatt questions who is responsible for the safety of children online

Are Zuckerberg and Musk responsible for looking after my kids online?

Social media apps on a phone

U16s social media ban punishes children for tech firm failures, charities say