Facebook in its response has tried to clarify that the data leak did not happen by hacking into its system
A data leak has been reported with details of 533 million Facebook users. Responding in a lengthy blog post, the company stated that the data is old and was actually scraped back in September 2019. Earlier, in January 2021, researcher Alon Gal had posted on Twitter about a Telegram bot being used to sell mobile phone numbers of Facebook users.
It looks like a lot more of this information is up for sale in the latest round. This information includes email IDs, Facebook IDs, date of birth and gender. Apparently, researchers even found Mark Zuckerberg’s details in the data leak, including his phone number, which Gal also highlighted in his latest tweets.
Facebook in its response has tried to clarify that the data leak did not happen by hacking into its system. The company states that the data was instead gathered by “scraping it from our platform prior to September 2019”, according to a blog post by Mike Clark, Product Management Director.
The post goes on to add that “scraping is a common tactic that often relies on automated software to lift public information from the internet that can end up being distributed in online forums like this”. Facebook’s post adds that the “methods used to obtain this data set were previously reported in 2019”, adding that the company took corrective steps after the scraping was reported and that a repeat will not be possible.
The statement adds, “We are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists.” Facebook has also gone on to explain in detail what happened with this data leak.
Facebook states that the malicious actors were able to ‘scrape’ this data from user profiles by using the company’s “contact importer prior to September 2019”. The feature is designed to help people find their friends on its service using their contact lists.
According to the company, the hackers were able to “query a set of user profiles and obtain a limited set of information about those users included in their public profiles”. It insists that no financial information, health information, or passwords were stolen as a result.
The company states that it made changes to this tool once it became aware of the data leak issue. The statement adds, “We updated it to prevent malicious actors from using software to imitate our app and upload a large set of phone numbers to see which ones matched Facebook users”.
The company states that it has teams working to detect and stop such behaviour, as any kind of scraping of data is against its terms of service. Work is also going on to get this data set taken down. It adds that there is a “dedicated team focused on this work”.
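As an added illustration, not part of Facebook's statement or its code: a minimal sketch of how a service could flag the contact-importer abuse described above, where one client uploads a large, densely sequential set of phone numbers. The log layout, client IDs, thresholds and phone numbers are constructed assumptions.

```python
from collections import defaultdict

# Assumed thresholds (hypothetical, would be tuned per service).
MAX_NUMBERS = 500        # distinct numbers one client may upload per window
MAX_SEQ_RATIO = 0.5      # share of uploaded numbers that are consecutive
MIN_SAMPLE = 20          # ignore the sequential signal on tiny uploads

# Constructed sample log: (client_id, phone numbers in one importer upload).
SAMPLE_UPLOADS = [
    # Scattered numbers, as in a real address book.
    ("device-a", [f"+{15550100000 + i * 7919}" for i in range(120)]),
    # Three batches walking through a consecutive number range.
    ("device-b", [f"+{n}" for n in range(15551000000, 15551000400)]),
    ("device-b", [f"+{n}" for n in range(15551000400, 15551000800)]),
    ("device-b", [f"+{n}" for n in range(15551000800, 15551001200)]),
    # Small consecutive block (e.g. office extensions): too few to judge.
    ("device-c", [f"+{n}" for n in range(15552000000, 15552000005)]),
]


def sequential_ratio(numbers):
    """Fraction of neighbouring sorted numbers that differ by exactly 1."""
    values = sorted({int(n.lstrip("+")) for n in numbers})
    if len(values) < 2:
        return 0.0
    adjacent = sum(1 for a, b in zip(values, values[1:]) if b - a == 1)
    return adjacent / (len(values) - 1)


def flag_enumeration(uploads, max_numbers=MAX_NUMBERS,
                     max_seq=MAX_SEQ_RATIO, min_sample=MIN_SAMPLE):
    """Return {client_id: [reasons]} for clients that look like enumerators."""
    per_client = defaultdict(set)
    for client, numbers in uploads:          # aggregate across batches
        per_client[client].update(numbers)
    flagged = {}
    for client, nums in per_client.items():
        reasons = []
        if len(nums) > max_numbers:
            reasons.append("volume")
        if len(nums) >= min_sample and sequential_ratio(nums) > max_seq:
            reasons.append("sequential")
        if reasons:
            flagged[client] = reasons
    return flagged


if __name__ == "__main__":
    print(flag_enumeration(SAMPLE_UPLOADS))
```

Aggregating per client before scoring matters here, because splitting one large list into smaller uploads would otherwise keep every single request under the volume limit.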
Further, Facebook is recommending that users update their “How People Find and Contact You” control to make sure it is on the latest version. It is also recommending that users turn on two-factor authentication on Facebook.
To find out if your email ID or phone number has been part of any data leak or data breach, you can check it on the website: https://haveibeenpwned.com/. It will also alert you if your data made an appearance in the recent Facebook data leak. Another app to use is SafeMe from India, which can alert you if your account or email ID was compromised.