Facebook’s leaf out of Zuma’s book
The company’s impunity over not informing users or regulators about half a billion customers getting hacked is astounding
What is the most galling thing about the latest Facebook data hack of 533-million users’ personal data? That Facebook was warned as far back as 2012 about the data-scraping vulnerability? Or that it intimated it was the users’ own fault?
First, the facts, as best we know them. As usual, Facebook wasn’t even aware it had been breached. A dataset of the 533-million users appeared on a hacker forum last week with their phone numbers and other details.
Business Insider reported the data breach on April 3 and since then Facebook has been loath to respond to questions about how it happened. Instead, it points journalists to a blog post, “The facts on news reports about Facebook data”.
It argues that “malicious actors obtained this data not through hacking our systems but by scraping it from our platform”.
So, it wasn’t hacked but the data was scraped by “malicious actors”. Then Facebook says — taking a leaf form the ANC’s playbook on how to respond to accusations of corruption — that the issue was “previously reported” (it included a link to a 2019 CNET article). It claims the vulnerability in its “content importer” tool has since been fixed.
Facebook admitted it hadn’t intended to tell users about the event because it didn’t feel “confident” about which of them were affected.
Then it argued that users “could not fix the issue … [and] the data was publicly available”.
It then offered what seems like benevolent advice, but as always passes the buck to its own users.
“While we addressed the issue identified in 2019, it’s always good for everyone to make sure that their settings align with what they want to be sharing publicly. In this case, updating the ‘how people find and contact you’ control could be helpful. We also recommend people do regular privacy checkups to make sure that their settings are in the right place, including who can see certain information on their profile and enabling two-factor authentication.”
All this is true. But only Facebook could try to blame the victims and make out that it wasn’t itself at fault because the data was “public”.
Facebook, now valued at $885bn after a six-month surge in its share price, didn’t even tell the lead European regulator about the hack. Ireland’s data protection commission said in a statement that Facebook did “no proactive communication”.
Not even former president Jacob Zuma has acted with such impunity. There is a remote chance he may go to jail for ignoring the Constitutional Court’s order to appear before the Zondo commission, but Facebook’s boss Mark Zuckerberg is unlikely to face consequences.
Marketing guru Scott Galloway called Zuckerberg a sociopath on The New York Times podcast Sway.
Most appropriate.
Only Facebook could deflect blame onto the victims and say the data was ‘public’