A data breach affecting 533 million Facebook users has been documented, and the company has now replied in a lengthy blog post, saying that the data is old and was scraped in September 2019. Earlier this year, researcher Alon Gal revealed on Twitter how a Telegram bot was being used to sell Facebook users’ mobile phone numbers.
In the most recent round, it appears that much more of this data, including email IDs, Facebook IDs, dates of birth, and gender, is for sale. According to reports, researchers discovered Mark Zuckerberg’s personal information in the leak, including his phone number, which Gal also mentioned in his recent tweets.
Facebook has now responded to the article with an explanation of what occurred.
Hackers accessed user data by scraping it from Facebook’s systems, according to the blog post. The social media giant explained that the data was scraped rather than hacked, and that this occurred before September 2019. “Scraping is a common tactic that often relies on automated software to lift public information from the internet that can end up being distributed in online forums like this,” Facebook explains.
Facebook stated that malicious actors scraped this information from people’s Facebook profiles using the platform’s contact importer. Facebook developed this feature to make it easier for users to communicate with friends from their contact lists. The abuse was first recorded in 2019, and Facebook responded by updating the contact importer to prevent data scraping. The company went on to say that the information gathered did not include financial and health information, or passwords.
The company claims that it made improvements to this tool once it became aware of the issue. Facebook explained that it made changes to prevent malicious actors from using malware to mimic the Facebook app and upload a large number of phone numbers to see which ones matched Facebook users.
Any data scraping is against Facebook’s terms of service, according to the company, which has teams working to identify and prevent such actions. It is also seeking to get this data set withdrawn. There is also a “dedicated team focused on this work,” according to the statement.
Furthermore, Facebook advises users to update their “How People Find and Contact You” control to the most recent version. It’s also a good idea to enable two-factor authentication on Facebook.
Haveibeenpwned.com, a third-party website, lets you search by entering your email address. The website notifies you when there is any data breach associated with your email.