A hack of millions of Facebook users’ data has revealed that the company’s CEO Mark Zuckerberg uses the secure messaging app Signal, one of the main competitors of the Facebook-owned WhatsApp.
Dave Walker, a cybersecurity researcher, discovered that Zuckerberg was among more
than 533 million Facebook users whose information was leaked in the 2019 hack, Mashable reported.
In another turn of events, Mark Zuckerberg also respects his own privacy, by using a chat app that has end-to-end encryption and isn't owned by @facebook
This is the number associated with his account from the recent facebook leak. https://t.co/AXbXrF4ZxE
— Dave Walker (@Daviey) April 4, 2021
“In another turn of events, Mark Zuckerberg also respects his own privacy, by using a
chat app that has end-to-end encryption and isn’t owned by @facebook,” Walker tweeted,
along with a photo of Zuckerberg’s redacted phone number, which he linked to a Signal account.
Signal, one of WhatsApp’s main competitors, is an encrypted messaging app,
meaning that the company cannot access any messages or calls made by users on the app.
After the news broke of Zuckerberg’s supposed use of Signal, the company retweeted a
link to the story writing: “With the May 15th WhatsApp Terms of Service acceptance
deadline fast approaching, Mark leads by example.”
public outcry over privacy concerns. In a recent blog post, the company said the update
will not affect personal messages and that the changes are related to “optional business features.”
Details from more than 533 million Facebook users have been found available on a website for hackers.
The information appears to be several years old, but it is another example of the vast
amount of information collected by Facebook and other social media sites, and the limits
to how secure that information is.
The availability of the data set was first reported by Business Insider. According to that
publication, it has information from 106 countries including phone numbers,
Facebook IDs, full names, locations, birthdates, and email addresses.
“This is old data that was previously reported on in 2019,” the Menlo Park, California-
based company said in a statement. “We found and fixed this issue in August 2019.”
Clark said the method used to obtain these data exploited a vulnerability in Facebook’s contact importer, a tool that allows users to find the Facebook profiles of people in their phone contacts. Facebook says it fixed that particular vulnerability in August 2019, and that it was previously reported on.
This would mean it wasn’t obliged to notify anyone about a new breach.
However, as reported by Wired’s Lily Hay Newman, Facebook’s timeline doesn’t quite make sense.
Facebook’s post links to a September 2019 CNET article as an example of previous reporting on the data leak. CNET’s article refers back to a September 2019 article from TechCrunch, which details a server containing the data of 419 million Facebook users being exposed online.
A Facebook spokesperson told TechCrunch in 2019: “This data set is old and appears to have information obtained before we made changes last year  to remove people’s ability to find others using their phone numbers.”
Given that Facebook has said the vulnerability for the most recent data breach was only plugged in August 2019, this would suggest the dataset mentioned by the CNET and TechCrunch articles is different to the one Insider reported last week.
Newman also reported there are observable differences in the two datasets, for example in the proportion of users from different countries.
The company did not immediately respond to SA TIMES News when asked to clarify.
Facebook must be precise in its statements about exactly what data was leaked and when, or else it could draw the ire of regulators.
Facebook reached a settlement with the FTC in July 2019, which requires it to report security breaches to the agency.
Ireland’s Data Protection Commission (DPC) announced Tuesday it was looking into the data set, and whether it contained leaked data that wasn’t previously reported.
According to the DPC, Facebook said the recent data set could have been cobbled together from older breaches. “The data at issue appears to have been collated by third parties and potentially stems from multiple sources,” Facebook said.