A Facebook data leak with details of 533 million users has been reported, and the company has now officially responded to it in a lengthy blog post, stating that the data is old and was actually scraped back in September 2019. Earlier, in January this year, researcher Alon Gal had posted on Twitter about how a Telegram bot was being used to sell mobile phone numbers of Facebook users.
In the latest round, it looks like a lot more of this information is up for sale, including email IDs, Facebook IDs, dates of birth and gender. Apparently, researchers even found Mark Zuckerberg’s details in the leak, including his phone number, which Gal also highlighted in his latest tweets.
Facebook in its response has tried to clarify that the data was not stolen by hacking into its system. The company states that the data was instead gathered by “scraping it from our platform prior to September 2019,” according to a blog post by Mike Clark, Product Management Director.
The post goes on to add that “scraping is a common tactic that often relies on automated software to lift public information from the internet that can end up being distributed in online forums like this.” Facebook’s post says that the “methods used to obtain this data set were previously reported in 2019,” and that the company took corrective steps after the scraping was reported, so a repeat will not be possible.
The statement adds, “we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists.” Facebook has also gone on to explain in detail what happened with this data leak.
How did malicious actors ‘scrape’ so much data of users?
Facebook states that the malicious actors were able to ‘scrape’ or collect so much of this data from user profiles by using the company’s “contact importer prior to September 2019.” The feature is designed to help people find their friends on its service using their contact lists.
According to Facebook, the hackers were able to “query a set of user profiles and obtain a limited set of information about those users included in their public profiles.” It insists that no financial information, health information or passwords were stolen as a result.
The company states that once it became aware of the issue, it made changes to this tool. “We updated it to prevent malicious actors from using software to imitate our app and upload a large set of phone numbers to see which ones matched Facebook users,” adds the statement.
What is Facebook doing to ensure this doesn’t happen again?
Facebook states that any kind of scraping of data is against its terms of service and that it has teams working to detect and stop such behaviour. It is also working to get this data set taken down. It adds that there is a “dedicated team focused on this work.”
Further, Facebook is recommending users update their “How People Find and Contact You” control to ensure it is on the latest version. It is also recommending that a user turn on two-factor authentication on Facebook.
How to check if your data was in this Facebook data leak?
A reliable website for this is https://haveibeenpwned.com/, which will tell you where your email ID or phone number has been leaked and whether it was part of any data breaches. It will also alert you if your data appeared in the recent Facebook leak. Another app to use is SafeMe from India, which can alert you if your account or email ID was compromised.