An internal memo made public has revealed how Facebook plans to deal with the leaking of account details from 533m users on to a hacking forum. Tactics including passing off the incident as normal.
The long-term strategy was included in an email accidentally sent to Belgian news website Data News after information including contact details was scraped, Facebook believes, from users’ profiles.
The memo read: “Assuming press volume continues to decline, we’re not planning additional statements on this issue.
“Longer term, though, we expect more scraping incidents and think it’s important to both frame this is a broad industry issue and normalise the fact that this activity happens regularly.
“To do this, the team is proposing a follow-up post in the next several weeks that talks more broadly about our anti-scraping work and provides more transparency around the work we’re doing in this area.
“While this may reflect a significant volume of scraping activity, we hope this will help to normalise the fact that this activity is ongoing and avoid criticism that we aren’t being transparent about particular incidents.”
The email sent to Data News was intended for Facebook’s EMEA public relations team.
The company confirmed the memo’s authenticity , saying: “It shouldn’t surprise anyone that our internal documents reflect what we’ve said publicly. As [incidents affecting] LinkedIn and Clubhouse have shown, data scraping is an industry-wide challenge which we are committed to tackling and educating users about.
“We understand people’s concerns, which is why we continue to strengthen our systems to make scraping from Facebook without our permission more difficult and go after the people behind it.”
The leaked memo comes a week after the Irish Data Protection Commission announced an investigation into the Facebook leaks.
Initially there was confusion about whether any of the data was leaked prior to the implementation of the General Data Protection Regulation in 2018.
However the Irish DPC has now said it is “of the opinion that one or more provisions of the GDPR.. may have been, and/or are being, infringed”
Facebook has said it has fixed the vulnerabilities with its contact look up feature that enabled hackers to scrape the data.
Register to receive the latest data protection and privacy news and analysis straight to your inbox