The memo was made public by Belgian publication Data News on April 8. It has ostensibly meant to be seen only by Facebook's PR staff in Europe, the Middle East and Africa.
The data breach, which involved data from users across 106 countries, occurred back in 2019. But the database, a treasure trove of personal information, was only freely published this year.
That said, even before it was posted on a hacker forum, the database had already been sold and resold privately by various individuals who likely took advantage of it. (Related: Massive data breach leads to leak of 533 million Facebook user accounts, but Facebook won't even alert its own users.)
The leaked memo indicates that Facebook expected the problem and planned to frame it as an industry problem that was a normal occurrence.
"In the long term we expect more scraping incidents and it is important to frame this as a sector problem and normalize that this happens regularly," the memo reads.
"To do this, the team proposes a follow-up post in the coming weeks that talks more broadly about our anti-scraping work and provides more transparency around the work we do here," it adds. "'This may reflect much of the scraping activity, we hope this helps normalize the fact that this is ongoing and avoid the criticism that we are not transparent about specific incidents."
Talking to the BBC, a Facebook confirmed that the memo was genuine, stating: "We understand people's concerns, which is why we continue to strengthen our systems to make scraping from Facebook without our permission more difficult and go after the people behind it."
"That's why we devote substantial resources to combat it and will continue to build out our capabilities to help stay ahead of this challenge," the company added.
A Facebook representative later added that other networks, such as LinkedIn and Clubhouse, had also faced similar "data scraping" issues.
As for its own breach, Facebook has reiterated that the data was old – coming from 2019 – and that the issue that allowed it to be scraped had already been fixed that year. It also denied any wrongdoing, saying that the data was scraped from publicly available information on the site.
Alongside publishing the leaked memo, Data News also questions Facebook's assertion that the issue that allowed the data to be scraped had already been fixed. The Belgian outlet pointed to ethical hacker Inti De Ceukelaire, who warned Facebook about its security issues two years ago, saying that it was possible to find a person's phone number via Facebook.
When asked about the leaked memo by BBC, De Ceukelaire said that it "revealed what we have suspected for a long time but now it is there in black and white - Facebook cares more about its reputation than informing its users."
"At first they were completely silent," he said. "Then they gave the press one sentence about how the data was old and when that didn't work they started talking about how it was all about scraping rather than Facebook's own system."
De Ceukelaire also refuted Facebook's claim about the data being old. He stated that people don't usually change their phone numbers that often and also that Facebook's original privacy settings for phone numbers were extremely confusing.
Follow TechGiants.news for the latest news about the Facebook data breach.
Sources include: