In the wake of news that personal information from over 533 million Facebook users leaked online, the company said it won’t inform impacted users.
The social media giant isn’t informing users because it isn’t sure which users were impacted, a Facebook spokesperson told Reuters. Moreover, since users are unable to fix the issue and the data is already public, Facebook is choosing not to identify and inform users.
The data leak included phone numbers, full names, locations, email addresses, and biographical information of over 533 million Facebook users from 106 countries. US users made up the majority with over 32 million users impacted, with users in the UK and India representing the second- and third-most impacted regions.
The breach wasn’t disclosed by Facebook, and the company didn’t address it until Insider reported on the data trove’s appearance on a hacking forum last week.
In a blog post on Tuesday, Facebook product management director Mike Clark said it didn’t disclose the breach because of the way that the leaked data was obtained. Rather than a hack, Facebook said the data was obtained, “by scraping it from our platform prior to September 2019.”
In short: Hackers didn’t break into Facebook’s servers and steal a bunch of user data. Instead, the data was pulled from publicly available Facebook pages.
That may also be key to why Facebook isn’t able to determine which users were impacted. Clark said that the data is suspected to have been scraped using Facebook’s contact importer tool, which was available to all users.
Without Facebook telling its impacted users about the data breach, third-party services like “Have I been pwned” have filled the void – here’s how to see if you were impacted in the breach.
Got a tip? Contact Insider senior correspondent Ben Gilbert via email (firstname.lastname@example.org), or Twitter DM (@realbengilbert). We can keep sources anonymous. Use a non-work device to reach out. PR pitches by email only, please.