Facebook said Tuesday that hackers “scraped” personal data of some half-billion users back in 2019 by taking advantage of a feature designed to help people easily find friends using contact lists.
A trove of information about more than 530 million Facebook users was shared over the weekend at a hacker forum, prompting the leading social network to explain what happened and call on people to be vigilant about privacy settings.
“It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019,” Facebook product management director Mike Clark said in a post.
“This is another example of the ongoing, adversarial relationship technology companies have with fraudsters who intentionally break platform policies to scrape internet services.”
The data included phone numbers, birth dates, and email addresses, and some of the data appeared to be current, according to US media reports.
The stolen data did not include passwords or financial data, according to Facebook.
Scraping is a tactic that involves using automated software to gather up information shared publicly online.
“All 533,000,000 Facebook records were just leaked for free,” Alon Gal, chief technology officer at the Hudson Rock cybercrime intelligence firm, said Saturday on Twitter.
He denounced what he called the “absolute negligence” of Facebook.
“Bad actors will certainly use the information for social engineering, scamming, hacking and marketing,” Gal said on Twitter.
Clark urged members of the social network to check their privacy settings to control what information can be seen publicly, and to tighten account security with two-factor authentication.
This is not the first time leaks or use of data from the world’s largest social network — with nearly two billion users — has embroiled Facebook in controversy.
In 2016, a scandal around Cambridge Analytica, a British consulting firm that used the personal data of millions of Facebook users to target political ads, cast a shadow over the social network and its handling of private information.