Facebook refuses to apologise after personal data of 11m UK users hacked

Facebook refuses to apologise after personal data of 11m UK users hacked
Information stolen and then leaked online includes full names, locations, dates of birth, phone numbers and email addresses

By
Mike Wright
7 April 2021 • 4:59pm
Facebook has refused to apologise after a data breach left the details of 11 million British users exposed, as the UK's data watchdog said it is now looking at the tech giant.

The details of more than 530 million users of the social network have been found leaked on a website in recent days.

On Tuesday, Facebook confirmed the data had been ‘scraped’ from its site by hackers, but that the breach appears to have come from a software flaw the company found and fixed in 2019.

The UK watchdog, the Information Commissioner’s Office (ICO), has confirmed to The Telegraph it is now looking into the incident with a view to whether it should open an official investigation.

The body has powers to levy fines running into the billions on large tech companies if they are found to have breached UK citizens' rights.

The hacked data, first discovered by the website Business Insider, includes the full names, locations, dates of birth, phone numbers and email addresses of 533 million users from 106 countries.


In a blogpost, Facebook’s product management director Mike Clark, failed to apologise for the breach, saying only that the scraping was a “common tactic” hackers used to glean information from public forums.

He said the attack appeared to have happened before Facebook found and reported the security flaw with its contact importer tool, which allows users to find people on the site via their phone numbers.

Mr Clark added: "This is another example of the ongoing, adversarial relationship technology companies have with fraudsters who intentionally break platform policies to scrape internet services.

"As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists."

The company's lack of an apology was criticized by social media experts, who accused Facebook of showing a lack of empathy towards users who had had their personal information leaked.

Matt Navarra, a social media consultant and industry commentator, said: "Facebook's response feels cold, clinical, defensive and argumentative. Almost like it is trying to play down the scale of the incident.”

Meanwhile, a number of data regulators are now looking into the breach, including the UK’s ICO and Ireland’s Data Protection Commission.

A spokesman for the ICO said: “The ICO is aware of these reports and will be looking into them on behalf of UK citizens, including liaising with international colleagues where relevant.”