Massive Facebook data leak connected to undisclosed 2019 breach

Facebook on Tuesday responded to a recently reported data leak that potentially impacted more than 530 million users, saying the information was likely scraped from its servers in a newly disclosed 2019 incident.

Facebook product management director Mike Clark, in what smacks of an attempt to downplay the massive breach, explained the situation in a blog post published to the company's newsroom. Importantly, the post and additional reporting from Wired reveal a previously unreported breach of Facebook's systems.

Clark acknowledges a Business Insider report regarding a massive leak of data related to some 530 million Facebook users, but emphasizes that the information was scraped and not obtained through a hack. He adds that Facebook is "confident" that it rectified the issue.

"We believe the data in question was scraped from people's Facebook profiles by malicious actors using our contact importer prior to September 2019," Clark writes. "This feature was designed to help people easily find their friends to connect with on our services using their contact lists."

The cache of data, which included profile names, Facebook ID numbers, email addresses, locations, dates of birth, and phone numbers, appeared on a hacking forum over the weekend. Facebook initially pointed to a previously reported breach from 2019, but failed to disclose which instance it was referring to. The social network has suffered a number of data-related fiascos in recent years, including the inadvertent release of 540 million records discovered by security firm UpGuard in April 2019.

As reported by Wired, the new store of information was drawn from a vulnerability Facebook found in 2019. The problem, related to the platform's contact importer, was fixed in August 2019.

Facebook claims it disclosed the scraping operation in statements to media outlets, but Wired tracked down the reports and found they were related to an Instagram breach and a separate Facebook platform leak dating back to mid-2018. The company also failed to inform users individually or post a security bulletin on the matter.

Facebook is quickly moving past the issue of public disclosure and is pushing the narrative toward future actions it plans to take in a bid to secure users.

"We're focused on protecting people's data by working to get this data set taken down and will continue to aggressively go after malicious actors who misuse our tools wherever possible," Clark says. "While we can't always prevent data sets like these from recirculating or new ones from appearing, we have a dedicated team focused on this work."

Comments

  • Reply 1 of 8
    22july2013 Posts: 2,001 member
    I guess there are no comments here because there's nothing either surprising or controversial when Facebook releases a half billion users' personal data.
  • Reply 2 of 8
    marsorry Posts: 53 member
    I guess there are no comments here because there's nothing either surprising or controversial when Facebook releases a half billion users' personal data.
    Couldn’t agree more! Same old nasty company that hasn’t a clue what it’s doing in security and privacy!
  • Reply 3 of 8
    EsquireCats Posts: 1,102 member
    "We're focused on protecting people's data by working to get this data set taken down and will continue to aggressively go after malicious actors who misuse our tools wherever possible," Clark says. "While we can't always prevent data sets like these from recirculating or new ones from appearing, we have a dedicated team focused on this work."

    This is b/s - the data isn't posted by people online for jollies. Instead it forms part of larger data sets that are sold privately, i.e. totally out of Facebook's control. Amusingly the leak contains Zuckerberg's private details including his phone number.
  • Reply 4 of 8
    Looks like they will have some explaining to do in the EU, as per GDPR a company has to inform customers when a data breach has happened. Could end up being a very expensive thing.
  • Reply 5 of 8
    Honest question: In 2021, who are the people still using Facebook? The answer to that demographic question must be intriguing...
  • Reply 6 of 8
    badmonk Posts: 960 member
    FTC investigation and appropriate fines if indicated please.
  • Reply 7 of 8
    cincytee Posts: 321 member
    Honest question: In 2021, who are the people still using Facebook? The answer to that demographic question must be intriguing...

    My experience is that more people are using their FB accounts like ISPs had imagined people would use their portal pages: They check it quickly (but regularly) for messages and news, then move on. Of course, many are still on all the time, too. Your disdain, though perfectly reasonable, is not representative of the public at large.
  • Reply 8 of 8
    OctoMonkey Posts: 138 member
    Honest question: In 2021, who are the people still using Facebook? The answer to that demographic question must be intriguing...
    It is quite likely Facebook still has the user data of anybody who has ever had a Facebook account... regardless of whether they deleted the account. This would place the information of anybody who has ever had an account at risk.

    Fortunately, some of us have been wise enough to have never participated in (so-called) social media on any platform.