Facebook acknowledged that hackers ‘scraped’ personal data of around half-billion users back in 2019 by taking advantage of a feature that was designed to help people easily find friends using contact lists.
A trove of information of over 530 million Facebook users was allegedly shared at a hacker forum, prompting the leading social network to explain what happened and request users to be vigilant about privacy settings.
“It is important to understand that malicious actors obtained this data not through hacking our systems, but by scraping it from our platform prior to September 2019. This is another example of the ongoing, adversarial relationship technology companies have with fraudsters who intentionally break platform policies to scrape internet services, ” Facebook product management director Mike Clark said.
The data included phone numbers, birth dates, and email addresses, and some of the data appeared to be current, according to US media reports.
The stolen data did not include passwords or financial data, Facebook clarified.
Scraping is a tactic that involves using automated software to gather up information shared publicly online.
“All 533,000,000 Facebook records were leaked for free,” Alon Gal, CTO at the Hudson Rock cybercrime intelligence firm, said on Twitter.
He denounced Facebook’s ‘absolute negligence’.
“Bad actors will certainly use the information for social engineering, scamming, hacking and marketing,” Gal said.
Clark urged members of the social network to check their privacy settings to control what information can be seen publicly, and to tighten account security with two-factor authentication.
This is not the first time leaks or use of data from the world’s largest social network has embroiled Facebook in controversy.
In 2016, a scandal around Cambridge Analytica, a British consulting firm that used the personal data of millions of Facebook users to target political ads, cast a shadow over the social network and its handling of private information.