I didn’t receive that terrifying notice from Facebook explaining that an incomprehensible amount of my private information and identifying data had been stolen by unknown hackers, but people close to me did. Now, an uncertain number of people with possibly malicious intent know fairly intimate details about them. And that data can be sold to others with malicious intent. They know their most recent phone number, the last 10 real-world locations they’ve checked in to, who they’ve searched for on Facebook, their email addresses, their religious preference, where they work, and in some cases the contents of posts they’ve made and who they’ve talked to on Messenger.
That’s disturbing, infuriating and creepy. I shudder to think how my loved ones could be targeted with the stolen information, because information isn’t stolen without motivation — something Facebook is still trying to determine alongside the FBI.
As my colleague Kalev Leetaru calls out, the most sinister issue with Facebook’s latest data breach may not be the breach itself, but Facebook’s response to affected users. Specifically its refusal to give users helpful and detailed information that may aid them in preventing future identity fraud or phishing attacks that could target them as a direct result of this privacy violation.
“This raises the question of why Facebook did not offer each affected user a PDF download that contained a complete and exhaustive inventory of every single piece of information accessed from their profile by the attackers,” Leetaru says.
Adding to the unease is Facebook’s response to reporters about the scope of this attack. Their response, according to Leetaru, was the following: “[we are] still looking at other ways the people behind this attack may have used Facebook and we haven’t ruled out the possibility of smaller-scale, low-level access attempts during the time the vulnerability was exposed. Our investigation into that continues.”