Facebook on Tuesday said that hackers had “scraped” personal data of 553 million users during a leak in 2019. The social media company’s comments came days after a trove of information was shared over the weekend at a hacker forum.
“It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019,” Facebook Product Management Director Mike Clark said in a blogpost. “This is another example of the ongoing, adversarial relationship technology companies have with fraudsters who intentionally break platform policies to scrape internet services.”
Scraping is a tactic that involves using automated software to collect information shared publicly online. The stolen data included phone numbers, birth dates and email addresses. However, it did not include passwords or financial data, according to Facebook.
The data leak of half a billion people came to light first in January when researcher Alon Gal tweeted how a Telegram bot was being used to sell mobile phone numbers of Facebook users. “All 533,000,000 Facebook records were just leaked for free,” Gal tweeted again on April 3. “This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked. I have yet to see Facebook acknowledging this absolute negligence of your data.”
Facebook stated that the “malicious actors” were able collect the data from user profiles by using the company’s “contact importer” feature. The feature was designed to help people find their friends by using their contact lists.
The company said it has now made changes to the tool. “We updated it to prevent malicious actors from using software to imitate our app and upload a large set of phone numbers to see which ones matched Facebook users,” said the social media giant. The company added that “the specific issue that allowed them to scrape this data in 2019 no longer exists”.
However, Facebook Product Management Director Mike Clark urged members of the social network to check their privacy settings to check what information can be seen publicly. He also asked users to tighten their account security with two-factor authentication.
Facebook has nearly 2 billion users worldwide. However, this is not the first time that Facebook has faced a data breach. The social media giant faced severe criticism after the 2016 Cambridge Analytica scandal came to light. The data breach involved harvesting private information of 87 million Facebook users by the British political consulting firm Cambridge Analytica, which worked on Donald Trump’s presidential campaign.