Internal Facebook documents reveal company expects more mass leaks in the future and plans doing nothing about it

In an email leaked to the cybersecurity community, Facebook admits anticipating more massive data leak incidents. This message was addressed to Facebook’s public relations teams in Europe, Africa and the Middle East, although it was leaked to the Belgian press on April 8 by mistake. For many users this is an act of cynicism, because instead of focusing on security issues, the company seems to be waiting for information leaks to be a known fact before acting on it.

As users may recall, a couple of weeks ago a massive leak of more than 500 million records was revealed, involving private user information in more than 100 countries. Many of this data were sold on dark web platforms, which would allow its use in phishing campaigns, identity fraud and other forms of cyberattack. A report indicates that the leak could even contain confidential information from Mark Zuckerberg, CEO and founder of Facebook, in addition to data from other social network executives.

In response to the leaking of this email, a Facebook spokesperson stated: “Our commitment to user safety remains in place. We understand user concerns, so we will continue to strengthen our systems to make it difficult to extract sensitive data.”

However, the company’s internal document seems to imply that Facebook prefers to maintain a more passive stance on this: “We expect more long-term leaks. It is important that people understand this as an inherent problem in using these platforms and normalizing these events,” the leaked report notes. To do this, Facebook security teams propose a follow-up post to broadly address these issues, in an attempt to be more transparent about them.

This message also revealed that Facebook proposes not to make additional comments on the recent mass leak to try to get the discussion on this topic and other related topics diluted in the bottomless sea which is the Internet.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.