Refutes claims 530 million users’ social media pages accessed through hacking.
Social media giant, Facebook has released a statement rebutting claims personal user data was accessed through hacking.
According to Mike Clark product management director at Facebook, on April 3 Business Insider published a story saying that information from more than 530 million Facebook users had been made publicly available in an unsecured database.
“We have teams dedicated to addressing these kinds of issues and understand the impact they can have on the people who use our services,” noted Clark. “It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019.”
Clark states scraping is a common tactic that often relies on automated software to lift public information from the internet that can end up being distributed in online forums like this. The methods used to obtain this data set were previously reported in 2019.
“This is another example of the ongoing, adversarial relationship technology companies have with fraudsters who intentionally break platform policies to scrape internet services,” Clark said. “As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists. But since there’s still confusion about this data and what we’ve done, we wanted to provide more details here.”
According to Facebook it believes the data in question was scraped from people’s Facebook profiles by malicious actors using our contact importer prior to September 2019. This feature was designed to help people easily find their friends to connect with on our services using their contact lists.
“When we became aware of how malicious actors were using this feature in 2019, we made changes to the contact importer,” said Clark. “In this case, we updated it to prevent malicious actors from using software to imitate our app and upload a large set of phone numbers to see which ones matched Facebook users.”
Through the previous functionality, they were able to query a set of user profiles and obtain a limited set of information about those users included in their public profiles. The information did not include financial information, health information or passwords.
Keeping accounts safe
Scraping data using features meant to help people violates our terms. We have teams across the company working to detect and stop these behaviours.
“We’re focused on protecting people’s data by working to get this data set taken down and will continue to aggressively go after malicious actors who misuse our tools wherever possible,” Clark said. “While we can’t always prevent data sets like these from recirculating or new ones from appearing, we have a dedicated team focused on this work.”
Facebook said it had addressed the issue identified in 2019, but users must make sure that their settings align with what they want to be sharing publicly.
“In this case, updating the “How People Find and Contact You” control could be helpful,” Clark noted. “We also recommend people do regular privacy check-ups to make sure that their settings are in the right place, including who can see certain information on their profile and enabling two-factor authentication.”