The privacy watchdog is conducting initial inquiries into the latest Facebook data leak which exposed the personal information of 553 million users, including 7.3 million Australians.
A user in a low-level hacking forum on Saturday posted personal data of over 500 million Facebook users, including phone numbers, full names, location, email address, and biographical information, according to Business Insider, which first reported the incident.
Security experts warned the private information could be used to improperly access people’s accounts and commit fraud.
Facebook has sought to downplay the incident, saying the information was “scraped” using a since removed feature to import contacts and “not through hacking our systems”.
Australia’s privacy watchdog, the Office of the Australian Information Commissioner (OAIC), told InnovationAus the incident is on its radar.
“The OAIC is conducting inquiries into the issue reported in the media and seeking to establish the facts and circumstances, including the extent to which the personal information of Australians may have been impacted,” an OIAC spokesperson said.
Facebook’s defence is the malicious actors obtained the data by “scraping” information from a contact importer tool rather than hacking the platform, and the did not include financial information, health information or passwords.
“This is another example of the ongoing, adversarial relationship technology companies have with fraudsters who intentionally break platform policies to scrape internet services,” Facebook’s product management director Mike Clarke wrote in a blog post on the incident.
“As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists.”
The Facebook company post does recommend, however, that users update their settings for how they can be contacted on the platform and conduct a privacy check up, including enabling two factor authentication – the standard advice following data breaches.
The OAIC is currently pursuing the social media giant court regarding the data breach at the centre of the Cambridge Analytica scandal.
The Commissioner’s case was boosted in September last year when a Federal Court judge ruled she had established a prima facie case that Facebook was carrying on business in Australia, and was collecting and holding personal information in Australia at the relevant time.
Do you know more? Contact James Riley via Email.