Following reports that 530 million Facebook users had their information publicised, the social media platform has said that the data leak was a result of “scraping” rather than a hack of its system.
The social media giant said that malicious actors obtained the data by scraping it from the platform before September 2019.
Last week Business Insider reported that personal details, including phone numbers, were available on a public database.
Facebook believes that the data was scraped using its contact importer, a feature designed to help people easily find their friends to connect with on our services using their contact lists.
Scraping is a technique that often uses automated software to obtain public information from the internet that can be distributed in online forums.
According to Facebook, when it realised how malicious actors were using its contact importer to scrape data, it made changes to the feature.
“The methods used to obtain this data set were previously reported in 2019,” said Facebook product management director Mike Clark. “This is another example of the ongoing, adversarial relationship technology companies have with fraudsters who intentionally break platform policies to scrape internet services.”
He said that as a result of the action Facebook has taken, the company is “confident” the issue that allowed them to scrape the data in 2019 “no longer exists.”
“In this case, we updated it to prevent malicious actors from using software to imitate our app and upload a large set of phone numbers to see which ones matched Facebook users,” explained Clark. “Through the previous functionality, they were able to query a set of user profiles and obtain a limited set of information about those users included in their public profiles. The information did not include financial information, health information or passwords.”
The platform said that it is working to get the data set taken down.
Recent Stories