National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

The National Computer Security Incident Response Team aims to increase cyber security by strengthening the protection of the cyberspace of the National Critical Information Infrastructures, banks and communication providers of the Republic of Cyprus.

Facebook attributes 533 million users’ data leak to “scraping” not hacking

16 April 2021

Facebook has now released a public statement clarifying the cause of and addressing some of the concerns related to the recent data leak.

As reported last week, information of about 533 million Facebook profiles surfaced on a hacker forum.

From the Facebook data samples, almost every user record had a mobile phone number, a Facebook ID, a name, and the member’s gender associated with it.

The company states that the information exposed was not obtained from the hacking of an unsecured system but rather scraped from public profiles, prior to September 2019.

Data leak attributed to web scraping

Facebook has shed some light on the recent data leak comprising 533 million Facebook user profiles, data from which was posted on a hacker forum last week.

In a public statement released a few hours ago, the company states that the leak resulted from bulk scraping of profiles using a large set of phone numbers linked to these profiles, rather than from hacking of the platform:

“This is another example of the ongoing, adversarial relationship technology companies have with fraudsters who intentionally break platform policies to scrape internet services.”

“As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists,” said Mike Clark, Product Management Director at Facebook, in a statement.

Soon after reports of the data leak emerged, an EU data regulator, the Data Protection Commission (DPC) of Ireland, began investigating the incident.

When details of this data leak were initially disclosed, a Facebook spokesperson was quick to declare this old news related to an issue the company had already remedied.

Facebook believes that malicious actors had scraped the leaked data in question from people’s Facebook profiles by abusing the “contact importer” feature back in September 2019.

“This feature was designed to help people easily find their friends to connect with on our services using their contact lists.”

“When we became aware of how malicious actors were using this feature in 2019, we made changes to the contact importer… to prevent malicious actors from using software to imitate our app and upload a large set of phone numbers to see which ones matched Facebook users,” said the company.
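The upload pattern described in the statement above (one client submitting a large set of phone numbers to see which match) can be recognised on the server side. The following is an added example, not code from Facebook or from the original article; the thresholds, field names and sample uploads are hypothetical and constructed for illustration.

```python
from collections import defaultdict

# Hypothetical thresholds, chosen for illustration only.
MAX_NUMBERS_PER_DAY = 2000   # an ordinary address book is far smaller
MAX_SEQUENTIAL_RATIO = 0.5   # share of numbers adjacent to another uploaded number
MIN_BATCH_FOR_RATIO = 50     # ignore the ratio on very small uploads

def sequential_ratio(numbers):
    """Fraction of uploaded numbers whose successor or predecessor was also uploaded."""
    values = {int(n) for n in numbers if n.isdigit()}
    if not values:
        return 0.0
    adjacent = sum(1 for v in values if v + 1 in values or v - 1 in values)
    return adjacent / len(values)

def flag_enumeration(uploads):
    """uploads: iterable of (client_id, day, [phone numbers as digit strings]).
    Returns {(client_id, day): [reasons]} for clients whose daily uploads
    look like bulk lookup rather than a personal contact list."""
    per_client = defaultdict(list)
    for client_id, day, numbers in uploads:
        per_client[(client_id, day)].extend(numbers)
    flagged = {}
    for key, numbers in per_client.items():
        reasons = []
        if len(set(numbers)) > MAX_NUMBERS_PER_DAY:
            reasons.append("volume")
        if (len(numbers) >= MIN_BATCH_FOR_RATIO
                and sequential_ratio(numbers) > MAX_SEQUENTIAL_RATIO):
            reasons.append("sequential")
        if reasons:
            flagged[key] = reasons
    return flagged

# Constructed sample data: one ordinary address book, one generated number range
# split across two uploads by the same client on the same day.
SAMPLE_UPLOADS = [
    ("client-a", "2019-09-01", ["35799100200", "35796555123", "35797000111"]),
    ("client-b", "2019-09-01", [str(35799000000 + i) for i in range(1500)]),
    ("client-b", "2019-09-01", [str(35799001500 + i) for i in range(1500)]),
]

if __name__ == "__main__":
    for key, reasons in flag_enumeration(SAMPLE_UPLOADS).items():
        print(key, reasons)
```

Aggregating per client and day before scoring matters here, because splitting a generated range into smaller batches would otherwise keep each upload under the volume threshold.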

Prior to these changes having been implemented, Facebook’s end
