On April 3, 2021, Business Insider reported that information relating to over 530 million Facebook accounts had been made publicly available online. It is estimated that 3.49 million accounts belong to Canadians and the leaked data included names, locations, birthdates, email addresses, and other identifying information. 

In response, Facebook issued a news release that stated that the information was not leaked through a recent hack, but was the resurgence of data that was taken from the platform in 2019. Facebook claimed that the information was obtained via data scraping, where automated software is used to obtain public information from the internet and distribute it to online forums. The company believes that malicious actors took advantage of the vulnerability in Facebook’s contact importer feature, which is designed to help users easily find and connect with friends through their contact lists. Through exploiting the feature, the malicious actors were able to obtain information from users’ public profiles. Facebook has assured the public that the malicious actors had limited access to users’ information and the leaked data did not include financial information, health information, or passwords.

The news release also stated that Facebook made changes to its contact importer feature in 2019 to address the issue. More specifically, it modified the feature to prevent malicious actors from imitating the Facebook app and uploading a large set of phone numbers to find matching Facebook users. Facebook stated that it will work to get the data set taken down and that it will continue to combat the misuse of its platform’s features.

Summary By: Imtiaz Karamat


21 04 14

Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.

E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.