Irish DPC says Facebook data leak affects “significant number" of EU users

The regulator is investigating the data leak involving the personal details of 533 million users

Ireland’s Data Protection Commission (DPC) is investigating the Facebook data leak involving the personal details of 533 million users.

The DPC, the Irish supervisory authority responsible for monitoring the application of GDPR, stated that of the 533 million individuals caught up in the leak, a “significant number” are EU users. It also said that much of the data appears to have been scraped some time ago from public Facebook profiles.

The DPC also explained that previous datasets were published in 2019 and 2018 and related to a large-scale scraping of the social media giant’s website, which Facebook advised occurred between June 2017 and April 2018, when it closed off a vulnerability in its phone lookup functionality.

“Because the scraping took place prior to GDPR, Facebook chose not to notify this as a personal data breach under GDPR,” wrote the DPC.“The newly published dataset seems to comprise the original 2018 (pre GDPR) dataset and combined with additional records, which may be from a later period.”

The DPC stated it had attempted to establish the full facts of the leak and is continuing to do so, although it has received “no proactive communication from Facebook”.

After the DPC contacted Facebook “through a number of channels”, the social media giant stated that the information in the dataset was publicly available and scraped prior to changes made to the platform in 2018 and 2019. 

“As I am sure you can appreciate, the data at issue appears to have been collated by third parties and potentially stems from multiple sources. It therefore requires extensive investigation to establish its provenance with a level of confidence sufficient to provide your Office and our users with additional information,” Facebook told the DPC.

Furthermore, the DPC said that some of the records released on the “hacker website” contain phone numbers and email address of users, which creates risks for users who may be spammed for marketing purposes.

Facebook stated in a blog post that it believes malicious actors used the organisation’s contact importer to scrape data from users’ Facebook profiles prior to September 2019. 

“Through the previous functionality, they [malicious actors] were able to query a set of user profiles and obtain a limited set of information about those users included in their public profiles. The information did not include financial information, health information or passwords,” it stated.

Have I Been Pwned, a free service created by security blogger Troy Hunter, has added phone number functionality to its database to allow users to see if their personal numbers have been exposed in the latest Facebook data leak.

The data of 533 million users was published by a hacker on a low-level hacking forum over the weekend. The data was available to be downloaded for free and allowed anyone to look up a Facebook user’s record using their phone number. The records, which represented around a fifth of the company’s entire user base, contained phone numbers, full names, birth dates and more.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
UK gun owners urged to be ‘vigilant’ after Guntrader data breach
data breaches

UK gun owners urged to be ‘vigilant’ after Guntrader data breach

23 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021