Facebook Does Not Plan to Notify Half-Billion Users Affected by Data Leak

Facebook claims data from 530 million users was obtained by scraping and not a hack.

What We Know:

  • Data scraping is the process of importing information from a website into a spreadsheet or local file saved on a computer. The vulnerability hole was first discovered in 2019, and Facebook says it has only now just closed the flaw that allowed individuals to scrape data prior to September 2019.

“As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists,” Mike Clark, product management director for Facebook, said in Tuesday’s blog post.

  • Personal information stolen from Facebook included names, birth dates, and phone numbers. Although the data is years old, it could still provide valuable information to identity thieves and scammers. Facebook has stated that a technical flaw found in the app’s ability to import contacts from a person’s phone was responsible for the vulnerability. Since the time of the breach, Facebook hasn’t notified any affected users and doesn’t have future plans to do so.
  • The breach did not include passwords or financial information, according to Facebook. The data had previously gone for sale on Telegram in January this year. Telegram is a freeware, cross-platform, cloud-based instant messaging software and application service. Alon Gal is a security researcher responsible for discovering the Telegram bot responsible for selling the data.
  • The bot allows a person to do two things: with someone’s Facebook ID, they can find their phone number and sell the data for a price. In this case, the Facebook data was being sold for credits equal to 20 dollars each. There’s also the option of buying in bulk, with 10,000 credits going for $5,000. Currently, it is unknown whether Telegram has been contacted on taking the bot down.

Facebook CEO Mark Zuckerberg was among those who had their data stolen due to the scraping incident.