Facebook reportedly has not alerted any of its more than half a billion users who recently had their personal data — including their names and phone numbers — leaked online in a data breach, and according to Reuters, the company has no plans to do so moving forward.
Business Insider first reported last week that the personal information of more than 530 million Facebook users had been made available in an unsecured public database. The exposed information included “phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses,” Insider noted.
In a blog post responding to the news on Tuesday, Facebook said that the leaked user data was obtained by “malicious actors” in 2019 who used a “scraping” mechanism on a feature designed to help new users synch with friends on the platform.
Despite the major data breach, which affected users from 106 countries — including over 32 million records on users in the U.S. and 11 million on users in the U.K. — a Facebook spokesperson reportedly told Reuters on Thursday that the company does not currently have a plan to notify the users that their information has been shared.
“The Facebook spokesman said the social media company was not confident it had full visibility on which users would need to be notified,” Reuters reported. “He said it also took into account that users could not fix the issue and that the data was publicly available in deciding not to notify users.”
Facebook made clear in its blog post that it is “confident that the specific issue that allowed them to scrape this data in 2019 no longer exists.” The company also asserted that the breached data did not include users’ financial information, health information, or passwords.
Even so, the data that was obtained and shared in the unsecured database could prove valuable for hackers and other cybercriminals. The person who discovered the trove of data, Alon Gal, CEO of the cybercrime intelligence firm Hudson Rock, told Business Insider that hackers could use easily the information to impersonate or scam users into handing over login credentials.
In a scathing report published Wednesday, Vice News writer David Gilbert bashed Facebook for failing to protect user data and for refusing to take responsibility for its failures.
“Instead of owning up to its latest failure to protect user data, Facebook is pulling from a familiar playbook: just like it did during the Cambridge Analytica scandal in 2018, it’s attempting to reframe the security failure as merely a breach of its terms of service,” Gilbert wrote.