National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

Η Εθνική Ομάδα Αντιμετώπισης Ηλεκτρονικών Επιθέσεων προβλέπει την αύξηση της ηλεκτρονικής ασφαλείας ενισχύοντας την προστασία του κυβερνοχώρου των Εθνικών Κρίσιμων Πληροφοριακών Υποδομών, των τραπεζών και των παροχών επικοινωνίας της Κυπριακής Δημοκρατίας.

ΕΛΛΗΝΙΚΑ
Helpline: 1490
ΕΛΛΗΝΙΚΑ

Facebook attributes 533 million users’ data leak to “scraping” not hacking

16 April 2021

Facebook has now released a public statement clarifying the cause of and addressing some of the concerns related to the recent data leak.

As reported last week, information of about 533 million Facebook profiles surfaced on a hacker forum.

From the Facebook data samples, almost every user record had a mobile phone number, a Facebook ID, a name, and the member’s gender associated with it.

The company states that the information exposed was not obtained from the hacking of an unsecured system but rather scraped from public profiles, prior to September 2019.

Data leak attributed to web scraping

Facebook has shed some light on the recent data leak comprising 533 million Facebook user profiles, data from which was posted on a hacker forum last week.

In a public statement released a few hours ago, the company states that the leak resulted from bulk scraping of profiles using a large set of phone numbers linked to these profiles, rather than from hacking of the platform:

“This is another example of the ongoing, adversarial relationship technology companies have with fraudsters who intentionally break platform policies to scrape internet services.”

“As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists,” said Mike Clark, Product Management Director at Facebook in a statement.

Soon enough, after reports of data leak emerged, an EU data regulator, the Data Protection Commission (DPC) of Ireland began investigating the incident.

When details on this data leak had initially disclosed, a Facebook’s spokesperson was quick to declare this as old news related to an issue the company had already remedied:

Facebook believes that malicious actors had scraped the leaked data in question from people’s Facebook profiles by abusing the “contact importer” feature back in September 2019.

“This feature was designed to help people easily find their friends to connect with on our services using their contact lists.”

“When we became aware of how malicious actors were using this feature in 2019, we made changes to the contact importer… to prevent malicious actors from using software to imitate our app and upload a large set of phone numbers to see which ones matched Facebook users,” said the company.

Prior to these changes having been implemented, Facebook’s end

Working towards a trusted and cyber secure Europe

Protect your cyber hygiene

Cyber Europe 2022 [exercise]

Cyber threats require heightened defences

News
Απλές και καθημερινές συμβουλές ασφάλειας στον κυβερνοχώρο για τα παιδιά και τους γονείς Πώς να ελέγξετε αν το τηλέφωνό σας έχει παραβιαστεί; 5 σημάδια για να καταλάβετε Κυβερνοασφάλεια: Ένα ασφαλέστερο διαδίκτυο αρχίζει μαζί με την νέα σχολική χρονιά… Κενό ασφαλείας WinRAR χρησιμοποιείται σε επιθέσεις Zero-Day Μνημόνιο Συνεργασίας μεταξύ του Επιτρόπου Προστασίας Δεδομένων Προσωπικού Χαρακτήρα (ΕΠΔΠΧ) και του Επιτρόπου Επικοινωνιών (ΕΕ) Μνημόνιο Συναντίληψης και Συνεργασίας μεταξύ της Αρχής Ψηφιακής Ασφάλειας και του Κυπριακού Εμπορικού και Βιομηχανικού Επιμελητήριου Συναντήσεις Επιτρόπου Επικοινωνιών κ. Γιώργου Μιχαηλίδη στα γραφεία της ITU Ευρώπης στην Γενεύη. Ο Βοηθός Επίτροπος Επικοινωνιών κ. Πέτρος Γαλίδης στον Alpha Κύπρου Πώς να αποτρέψετε τις επιθέσεις Ransomware: Οι 10 καλύτερες πρακτικές για το 2023 Επίτροπος Επικοινωνιών, Γιώργος Μιχαηλίδης στο ΚΥΠΕ: Στις 700 αυξάνει τις κρίσιμες υποδομές η οδηγία NIS