Facebook responds to massive user data breach in typical Facebook fashion

Over the weekend, news broke regarding a massive data breach and subsequent dump of Facebook users’ information on a well-known, low-level hacking forum. As Business Insider detailed, the release includes over 533 million individuals’ personal info, including phone numbers, full names, birth dates, geographic locations, and sometimes even email addresses. Although the hack occurred in 2019, many of those personal details can still be used for scamming, phishing, and identity theft purposes.

In response, Facebook’s Product Management Director, Mike Clark, published an extremely Facebook response on the website’s Newsroom, which essentially boiled down to a corporate “Well, actually,” statement.

“It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019,” Clark said. “Scraping data using features meant to help people violates our terms. We have teams across the company working to detect and stop these behaviors.”

Right. Very reassuring. According to a lengthy breakdown over at Wired, there is (somehow) far more to the story than half a billion people’s information becoming available on the dark web, essentially for free. But then, of course there is.

Facebook would like you to believe this is a rare occurrence — Although Facebook would like everyone to believe it previously copped to the data scrape when it first occurred over three years ago, in actuality, the info has floated around online since 2019, originating in a breach Facebook “did not disclose in any significant detail at the time and only fully acknowledged Tuesday evening.”

As Wired’s coverage also notes, potentially some of the confusion could be attributed to the fact that there have been quite a few ridiculously large data breaches over the years. There were 540 million users hacked in April 2019, the 419 million affected by a separate instance revealed later that year, and another 30 million exposed in 2018. Oh, and lest we forget that little snafu known as the Cambridge Analytica scandal.

There’s a much simpler explanation for all this — Facebook claims it acknowledged this particular data scrape when it first happened in 2019, but that doesn’t quite add up. Sure, Zuckerberg and company copped to a similar issue with Instagram around that same time... but that’s not the same hack at all. “Facebook admits that it did not notify users that their data had been compromised individually or through an official company security bulletin,” explains Wired. Of course, there is a much easier way to sum all this up: Facebook is, once again, lying to the public, and can’t get its facts — much less its data security — straight.