A data breach involving 533 million Facebook users has been reported, and the company has now responded in a lengthy blog post, claiming that the data is old and was scraped in September 2019. Earlier this year, researcher Alon Gal revealed on Twitter how a Telegram bot was being used to sell Facebook users’ mobile phone numbers.
In its response, Facebook attempted to explain that the information was not accessed by breaking into its system. According to a blog post by Mike Clark, Product Management Officer, the information was gathered by “scraping it from our website prior to September 2019.”
“Scraping is a popular technique that often relies on automated software to lift public information from the internet that can end up being published in online forums like this,” the post continues. Facebook’s post goes on to state that the “methods used to access this data set were previously recorded in 2019,” that the company took immediate measures after the scraping was found, and that it would not happen again.
“We are assured that the particular problem that allowed them to scrape this data in 2019 no longer exists,” the statement continues. Facebook has since gone on to clarify what happened with the data breach in great detail.
How did this attack happen?
According to Facebook, malicious actors were able to ‘scrape’ or capture too much data from user accounts prior to September 2019 by using the company’s “contact importer.” The functionality is intended to assist users in locating their friends on the service by using their contact lists.
The hackers were able to “query a number of user accounts and access a restricted set of information about those users included in their public profiles,” according to Facebook. It states that no financial data, health data, or passwords were compromised as a result of the breach.
The company says that it made improvements to this tool once it became aware of the issue. The statement continues, “We changed it to prevent malicious actors from using malware to mimic our app and upload a large number of phone numbers to see which ones matched Facebook users.”
How is Facebook going to prevent this from happening again?
Any data scraping is against Facebook’s terms of service, according to the company, which has teams working to identify and prevent such behaviour. It is also seeking to have this data set taken down.
Furthermore, Facebook urges users to upgrade their “How People Find and Contact You” control to the most recent version. It’s also a good idea to enable two-factor authentication on Facebook.
How to find out if your data has been leaked
https://haveibeenpwned.com/ can tell you whether your email ID or phone number has been leaked or was part of any data breach. It will also tell you whether your details were exposed in the recent Facebook data breach. SafeMe, an Indian app, is another option. It can notify you if your account or email address has been compromised.