Last week, a user dumped over personal data of over 500 million Facebook users on a hacking forum. The data set matched the one that was scraped earlier and was sold on the hacking forum.
Facebook has now confirmed that the company will not notify half a billion users who were affected by the leak. In a statement to Reuters, a Facebook spokesperson noted that the social media giant was not confident "it had full visibility on which users would need to be notified". Furthermore, the Facebook spokesperson said that the data is out and there is nothing that users can do now. Hence, the company decided that it will not notify users about the breach. Lastly, Facebook confirmed that the vulnerability that allowed data to be scraped is patched.
Moreover, on Tuesday, Facebook's Product Management Director Mike Clark wrote an article about the whole ordeal. In the article, Clark tried to downplay the breach by noting that it happened in 2019 and that the issue has since been fixed. Furthermore, he also said that "scraping data using features meant to help people violates our terms" and that the company has teams "working to detect and stop these behaviors". However, as BuzzFeed News reporter Ryan Mac pointed out, Facebook has not taken any action against Clearview AI for scraping photos from Instagram and Facebook.
The silver lining here is that Troy Hunt managed to secure the database and he made it available to everyone. This way users can check if their personal details were leaked in the latest Facebook breach. Hunt also managed to secure the list of phone numbers that were leaked in the breach, giving users an easy way of checking if their phone numbers were leaked. You can take a look at our guide on how to check if your personal information was leaked during the breach. The Irish Data Protection Commission (DPC) has also taken note of the latest breach and is reviewing the details of the hack.