Last weekend, a database of records from more than 533 million Facebook accounts – including phone numbers, email addresses, birthdays and other personal details – was reported online. While the leak did not include sensitive information, such as credit cards or social security numbers, the data could still be exploited by bad actors.
Facebook (FB) noted earlier this week that data was extracted from public profiles on its platform in 2019 using its “contact importer” function. The company says it has made quick adjustments to the function to prevent a repeat of such activity.
“In this case, we’ve updated it to prevent malicious actors from using software to mimic our app and upload a large set of phone numbers to see which ones fit Facebook users,” the director said Tuesday. Facebook project management, Mike Clark.
Although the data is from 2019, this week is the first time it was found that it was posted online. Because the data was extracted from public profiles, Facebook told CNN Business, the company cannot be sure about exactly what users should be notified and therefore does not intend to alert people who could be affected.
Instead, Facebook launched a help center page for users concerned that their data might have been published. The page explains that only information that was publicly shared on users ‘profiles at the time of the scraping, which means that the data does not include information that was only shared with users’ friends, for example. It also details how users can adjust their privacy settings.
There are third party websites, including haveibeenpwned.com, where users can search for themselves to see if their personal data has been disclosed.
Facebook also said that “it is working to eliminate this data set and will continue to aggressively pursue malicious actors who misuse our tools whenever possible.”
“Although we cannot always prevent the recirculation of such data sets or new ones from appearing, we have a dedicated team focused on this work,” Facebook wrote on the help page.
It’s been a tough week for data security: In addition to the Facebook disclosure, LinkedIn confirmed Thursday night that in a separate incident, information was taken from 500 million of its user profiles and is now for sale on a website used by hackers.