The social media company said that it had already fixed a vulnerability in a feature that was misused by malicious actors
Facebook said that the recently reported data leak that could have possibly impacted nearly 530 million users, dates back to 2019 and was due to data scraping.
The social media giant said that the data leak was not caused by any hacking of its systems.
Rather, it was due to some malicious actors collecting the data from users’ Facebook profiles by misusing the ‘contact importer’ feature prior to September 2019.
Last week, a media publication reported that personal details of the affected users, which include phone numbers and other information, were put up on a hacking forum.
According to Facebook, contact importer was designed to enable its users to easily find their friends to connect with on its platform by using their contact lists. The social media firm said that it had made changes to the feature after coming to know how malicious actors were misusing it in 2019.
The company stated: “We have teams dedicated to addressing these kinds of issues and understand the impact they can have on the people who use our services.”
Facebook revealed that it had updated the contact importer feature to ensure that malicious actors could not use software to mimic its app and upload a huge set of phone numbers to check which ones matched the social media site’s users.
The company said that the previous functionality had let the malicious actors to query a set of user profiles and collect a limited set of details about the users, which were included in their public profiles.
Facebook said that the information collected through the data scraping did not have financial information, health details, or passwords.
The company said that data scraping using features intended to help people violates its terms and that its teams work on identifying and preventing such behaviours.
Facebook stated: “We’re focused on protecting people’s data by working to get this data set taken down and will continue to aggressively go after malicious actors who misuse our tools wherever possible. While we can’t always prevent data sets like these from recirculating or new ones from appearing, we have a dedicated team focused on this work.”
Meanwhile, Ireland’s Data Protection Commission has started a probe into the Facebook data leak episode. The Irish data watchdog is seeking replies from the social media firm regarding the incident.