Facebook downplays data breach in internal email

April 20, 2021 | 2 minutes read

An email, unintentionally sent to Belgium-based data news, revealed how the company would deal with the compromised account information of more than 533 million Facebook users. 

The email expressed that the company predicted more similar incidents, and was preparing to frame it as a problem that existed in the industry, labelling it as a normal occurrence. 

“We expect more scraping incidents and think it’s important to both frame this as a broad industry issue and normalize the fact that this activity happens regularly,” it said. 

It was also mentioned that the media attention would eventually die down. The company adopted the approach of issuing limited statements regarding the incident. 

Moreover, a blogpost was also planned to be published regarding the anti-scraping work, that would provide transparency on how the problem was being dealt with.

It was confirmed by Facebook that the memo was genuine and told the BBC: “We understand people’s concerns, which is why we continue to strengthen our systems to make scraping from Facebook without our permission more difficult and go after the people behind it.” 

It was later added by a spokesperson that Clubhouse and LinkedIn security had also been compromised due to “data scraping”. 

Earlier this month, in a Facebook data breach, personal account information of more than 533 million people from 106 countries was posted online to a hacking forum.  The data included email addresses, profile names, facebook ID numbers, birthdates, locations and even phone numbers of the users.

Facebook claimed that the leaked data was outdated and the leak itself was reported in 2019 previously. The company denied any foul play and claimed that the data was scraped from publicly available information on the social networking website. 

However, the company has to now deal with investigation from the Irish data commissioner regarding whether the Facebook data breach broke GDPR rules, and a mass legal action from the EU citizens whose personal information was compromised.