Facebook is one of the richest companies in the world and as such, you would think that they would have a better handle on their own security.

They seem to be more in the business of selling and exploiting user data.

One of the first things that happened was the Cambridge Analytica scandal that resulted in the data of 87 million users being sold by Facebook to be used for political ads without the approval of the users.

Now, we’ve recently learned of another breach of trust in which the dat of over 500 million users has been hacked. Truth be told, we don’t even know when it happened.

Facebook’s product management director Mike Clark’s blog post about this new leak sounds similar to their response to Cambridge Analytica.

“It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019,” Clark wrote. He said this “scraping” occurred through the feature to help users find their friends on the website using their contact list. But this left Facebook wide open for more hacking.

“Effectively, the attacker created an address book with every phone number on the planet and then asked Facebook if his ’friends’ are on Facebook,” tweeted security expert Mikko Hypponen.

Clark doesn’t explain exactly when this break occurred or how many times. However, he does say that Facebook fixed the problem in August 2019. However, Inti De Ceukelaire, an ethical hacker from Belgium, warned Facebook about this opening for hackers in 2017. In his tweet, he added Facebook’s response to his concern, which dismissed his concern, essentially saying that if people don’t want to partake in this feature, they should set their “Who can look me up” setting to “Private.”

They also claim to have 'found' the issue in 2019 – which is a blatant lie. I reported the issue to them in 2017 – they said "we might tweak rate limits in the future" and blamed users for not understanding their kafkaesque privacy settings.https://t.co/0xLpXvbonw pic.twitter.com/57yHrmYViJ

— Inti De Ceukelaire (@intidc) April 6, 2021

Clark also said the following regarding user data,

“While we addressed the issue identified in 2019, it’s always good for everyone to make sure that their settings align with what they want to be sharing publicly. In this case, updating the ‘How People Find and Contact You’ control could be helpful. We also recommend people do regular privacy checkups to make sure that their settings are in the right place, including who can see certain information on their profile and enabling two-factor authentication.”

So he’s saying that it’s your fault because you “control” your own data…even though they require you to put your data in there.

Sources:
Premier Daily