Last weekend, it was reported that a database containing details of more than 533 million Facebook accounts – including phone numbers, email addresses, birthdays, and other personal information – had been shared online. Although the leak did not contain sensitive information such as credit card or social security numbers, the data could still be misused by bad actors.
Facebook FB noted earlier this week that the data was scraped from public profiles on his platform in 2019 using the “contact importer” feature. The company says it has made quick adjustments to the feature to prevent such activities from happening again.
“In this case, we updated it to prevent malicious actors from using software to impersonate our app and upload a large number of phone numbers to see which ones correspond to Facebook users,” said Mike Clark, director of Facebook Project Management in a blog post Tuesday.
Although the data is for 2019, it is the first time they have been posted online this week. With the data removed from public profiles, Facebook told CNN Business, the company cannot be sure exactly which users should be notified and therefore has no plans to warn individuals who may have been affected.
Instead, Facebook has released a help center page for users who were concerned that their data may have been released. The page explains that only information that was shared publicly on user profiles at the time of scraping, which means that the data does not contain information that was only shared with, say, friends of users. It also specifies how users can adjust their privacy settings.
There are third party websites, including haveibeenpwned.com, where users can search themselves to see if their personal information has been leaked.
Facebook also said it is “working to remove this dataset and will continue to aggressively search for malicious actors who misuse our tools where possible.”
“While we can’t always prevent such datasets from recirculating or new ones from appearing, we have a dedicated team dedicated to this work,” Facebook wrote on the help page.
It has been a tough week for data security: In addition to the Facebook disclosure, LinkedIn confirmed on Thursday evening that in a separate incident, information had been scraped from 500 million user profiles and is now available for purchase on a site used by hackers.