Facebook is attributing a reported data leak withto a vulnerability that it previously identified in 2019. Malicious actors exploited a Facebook feature released in 2019 by using a method of scraping, an often automated process of netting unsecured public data, the company said in a blog post. Facebook said it has since taken action to prevent further exploitation of this feature.
“As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists,” wrote Mike Clark, product management director for Facebook, in the blog post on Tuesday.
Personal information on hundreds of millions of Facebook users, including names, birth dates and phone numbers, was reportedly posted to a website for hackers. The data set contains information on 533 million users from 106 countries, according to Business Insider, which first reported on its availability. The data appears to be years old but could still provide valuable information to identity thieves and scammers.
Facebook said the technical flaw that created the vulnerability was found in the app’s ability to import contacts from a user’s phone. The captured data was previously reported on in January, after appearing for sale on Telegram. The dataset is now apparently available for free.
To check whether a particular Facebook account was affected, users can search the breach-tracking website Have I Been Pwned.