Asked by Reuters, Facebook said it did not plan to contact the 533 million users who were victims of a huge data breach. These data have been circulating freely on the Web for a few days.
Yesterday, Facebook explained in a blog post that this data came from the abuse of a contact import feature, a vulnerability that was addressed in September 2019.
If the social network prefers to be silent, it is because it believes it does not know with certainty which users should be contacted. Moreover, those affected would have no way of solving this problem, now that the data is publicly available.
Also to discover in video:
In a blog note, the CNIL nevertheless considers that it is indeed a data breach which, according to the GDPR, requires notification of each victim.
The Irish data protection authority is investigating whether this data was collected before or after the implementation of this European law in 2018. Only Facebook can give this information, but the company has now already indicated that this was not the case.
Legally, this lack of notification from Facebook may be lawful, but it will certainly not strengthen the trust that users have in this social network. Especially since this is not the first time that Facebook has been pinned down in a data breach …
Source : Reuters