Facebook leaks strategy to numb reaction to data scraping incidents

Facebook’s long-term strategy is to desensitize users about leaked data dumps that were collected through scraping the public portion of the social network.

The plan was revealed after the company leaked to journalists internal communication intended for Facebook’s public relations staff in Europe, Middle East, and Africa.

Facebook’s decision comes after mobile phone numbers and other personal information belonging to about

533 million of its users was published on a hacker forum.

Some of the information included in the cache was also available publicly in user profiles and could have been scraped from the social network.

The data also contained private phone numbers, though, collected because of a vulnerability that Facebook fixed in August 2019, the company told BleepingComputer.

Among the phone numbers in the database was that of  Mark Zuckerberg, Chris Hughes, and Dustin Moskovitz, three of the Facebook social network founders.

Normalizing data scraping

When inquiring about the 533 million data breach, a journalist at DataNews publication in the Netherlands received by accident internal communication from Facebook on how to handle the incident.

According to DataNews, Facebook decided to keep statements at a minimum and wait for media attention to wane. Action in the long run includes dismissing scraping incidents “as a broad industry issue” that occurs regularly.

“Longer term, though, we expect more scraping incidents and think it’s important to both frame this as a broad industry issue and normalize the fact that this activity happens regularly,” reads the internal communication.

The email also mentions the company’s plan to publish a post about Facebook’s anti-scraping effort and transparency about how the issue is being tackled.

“To do this, the team is proposing a follow-up post in the next several weeks that talks more broadly about our anti-scraping work and provides more transparency around the amount of work we’re doing in this area.”

Facebook’s goal with this is to “avoid criticism,” which it has seen plenty for downplaying the seriousness of the 533 million user data leak by labeling it as “old data that was previously reported on in 2019.”

While scraping collects information that is already public, gathering data en masse on users of a service could serve ill-intended actors in various attacks like phishing or SIM swapping.

For this reason, services fight this activity by setting up restrictions for the amount of data that can be collected at once or over short periods from a single address.

Available below is the full email that DataNews received by accident is addressed to the PR staff for EMEA region. It includes updates on materials released for users and regualtors as well as a summary of the interest generated among media publications and social conversations.

Source: https://www.bleepingcomputer.com/news/security/facebook-leaks-strategy-to-numb-reaction-to-data-scraping-incidents/