Facebook has revealed details of the data leak of more than half a billion users. The blog post of the social network says that the reason for the data leakage of 533 million users was not attackers hacking into its systems, but web scraping – a quick search for users through a contact list.
The company assures that the data leak was related to a vulnerability of the contact importer feature, which Facebook reportedly fixed in August 2019. The leaked data did not include financial information, health data, or passwords.
"It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019," the statement said.
Сybercriminals managed to collect the database by exploiting a vulnerability in the Facebook contact import system and specialized software, which were designed "to help people easily find their friends to connect with on our services using their contact lists." The initial functionality allowed to set a group of user profiles and receive certain information about those who had public accounts.
Since the feature vulnerability was fixed, Facebook now believes that there is no way to steal data using web scraping.
On April 3, Business Insider reported that the personal data of more than 533 million Facebook users were freely available on a hacker forum. Full names of users, their dates of birth, biographies, mobile phone numbers, and even email addresses were published online. The cybercriminals probably used to sell the same data through a special bot.
Most of the users whose personal data hackers got access to are from the USA, Great Britain, and India, and in general, the data leak affected users from 106 countries of the world.