Por Elizabeth Culliford
Apr 7 (Reuters) – Facebook Inc failed to notify the more than 530 million users whose information was obtained through misuse of a feature prior to 2019, which was recently made public in a database, and currently has no plans to do so, a company spokesman said Wednesday.
Business Insider had reported last week that phone numbers and other details of user profiles were available in a public database.
Facebook said in a blog post on Tuesday that “malicious agents” had obtained the data before September 2019 from the profiles, taking advantage of a vulnerability in the platform’s tool to synchronize contacts.
The Facebook spokesperson said the social media company decided not to notify users because it wasn’t sure who it should report to, because people couldn’t fix the problem, and because the data was publicly available.
Facebook has said it closed the gap after identifying the problem at the time.
The information scanned did not include financial, health or password data, Facebook said. However, the collated information could provide valuable intelligence for hacks or other abuses.
Facebook, which has long been under scrutiny over how it handles user privacy, reached a landmark settlement with the U.S. Federal Trade Commission in 2019 following allegations that the company misused data from people.
The July 2019 FTC settlement requires Facebook to report details of unauthorized access to data from 500 or more users within 30 days of confirming an incident.
The Facebook spokesperson declined to comment on the company’s conversations with regulators, but said it was in contact to answer their questions.
(Report by Elizabeth Culliford in New York, Edited in Spanish by Javier López de Lérida)