A recent breach at Facebook claims to have exposed the personal information of as many as 533 million Facebook users on the web including the user’s phone number, Facebook ID, birthdates, and more. However, Facebook in a statement said that the data has not been obtained through their system and has been scrapped from their platform before September 2019.
This means that Facebook has no plans to let the users know about the breach that took place on a large scale. A Facebook spokesperson confirmed the same to Reuters that the company does not plan to notify the users that might be affected in the data leak. He also said that “it also took into account that users could not fix the issue and that the data was publicly available in deciding not to notify users”.
On Tuesday, the company posted a blog and admitted the breach took place but back in 2019. “It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019. This is another example of the ongoing, adversarial relationship technology companies have with fraudsters who intentionally break platform policies to scrape internet services”, the blog read.
“As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists. But since there’s still confusion about this data and what we’ve done, we wanted to provide more details here”, it further added.
As per Facebook, the data was scraped by cybercriminals using the contact importer feature way back in 2019 and the company updated it at that time only, to prevent malicious actors from using software to imitate its app and upload a large set of phone numbers to see which ones matched Facebook users.
“Through the previous functionality, they were able to query a set of user-profiles and obtain a limited set of information about those users included in their public profiles. The information did not include financial information, health information, or passwords”, the blog read. However, security researchers claim the breach is more fresh and not an old one.