An internal email intended for Facebook’s PR team was accidentally leaked claiming the platform intends to “normalise” mass data scraping incidents.
Facebook hasn’t been having a good time recently, and much of that is really their own fault.
Only a few weeks ago, personal data on over 500 million Facebook users was being passed around on underground hacking forums.
The data, it seems, was originally scraped from Facebook back in 2019 by exploiting a vulnerability that allowed crooks to collect vast amounts of public facing information on millions of users. Facebook claimed they fixed the vulnerability in 2019 as soon as it was reported to them.
Sponsored Content. Continued below...
(That’s not strictly true, since security researchers claimed they reported it to Facebook in 2017.)
That, naturally, leads to bad headlines for Facebook. But since it was defined as a data scraping incident and not a full-on data hack, it could have been much worse. Data scraping is where crooks – using automated software – collect vast amounts of information on users, but the information is public. This means the crooks didn’t “hack” Facebook in order to access private information.
But still, social platforms like Facebook have an obligation to prevent these mass data scraping events taking place. After all, no one wants their personal information being collected and distributed in forums frequented by cyber crooks. It puts them in the crosshairs for a number of different scams, especially phishing attacks.
However in another hiccup for the Internet’s largest social media site, an internal email intended for Facebook’s PR team in the EMEA region was accidentally sent to the last person you want an internal email accidentally sent to. A journalist.
Pieterjan Van Leemputten from the Belgian outlet DataNews was the recipient of the email, which details how Facebook’s long term strategy is to effectively “normalise” data scraping by highlighting it as an industry-wide issue.
Sponsored Content. Continued below...
The email first explains that the negative headlines over the data scraping should start to go away after the weekend. That is to say, keep your mouths closed and this will all soon go away.
Then the email revealingly claims that the platform “expects more scraping incidents” and goes on to explain that scraping activity happens “regularly”. Here is that excerpt from the email –
LONG TERM STRATEGY: Assuming press volume continues to decline, we’re not planning additional statements on this issue. Longer term, though, we expect more scraping incidents, and think it’s important to both frame this as a broad industry issue and normalize the fact that this activity happens regularly. To do this, the team is proposing a follow-up post in the next several weeks that talks more broadly about our anti-scraping work and provides more transparency around the amount of work we’re doing in this area. While this may reflect a significant volume of scraping activity, we hope this will help to normalize the fact that this activity is ongoing and avoid criticism that we aren’t being transparent about particular incidents.
It’s perhaps one more reason to add to the mountain of existing reasons why many of us should be rethinking our relationship with social media. It’s great to connect with friends and family, but when it comes to parting with our personal information? It seems Facebook realises that data breaches and data scraping isn’t going away anytime soon, to the point where they’re marketing strategy is to actually normalise it.
Maybe it’s time to review what information about yourself you’re sharing with the platform, and if you would want to see it in the hands of cyber crooks?
As for Facebook, don’t expect them to feel too bad next time bad actors manage to scrape more of your personal data. Haven’t you heard? It’s normal.