In response to the hype surrounding the recent data dump incident, Facebook has finally opened up. In its statement, Facebook clarifies that the data leak was not the result of hacking Facebook platforms. Rather, the data might have been obtained via scraping.
Facebook Responds To 533 Million Data Leak Incident
In the post, Mike Clark, Product Management Director, Facebook, has explained that the attackers didn’t obtain the users’ data by hacking Facebook systems. Rather, they scraped the platform to collect the details.
Facebook elaborated that the activity caught its attention in 2019, when it detected the abuse of a platform vulnerability. The bug resided in the “contact importer” feature, which Facebook designed to let users find and connect with people on Facebook via the phone numbers in their contact list. As stated in the post,
They were able to query a set of user profiles and obtain a limited set of information about those users included in their public profiles. The information did not include financial information, health information or passwords.
Upon detecting the activity, Facebook updated the contact importer to prevent malicious abuse.
Regarding how users can avoid becoming victims of such activities, Facebook states,
While we addressed the issue identified in 2019, it’s always good for everyone to make sure that their settings align with what they want to be sharing publicly. In this case, updating the “How People Find and Contact You” control could be helpful. We also recommend people do regular privacy checkups to make sure that their settings are in the right place, including who can see certain information on their profile and enabling two-factor authentication.
Check Your Phone Number For Appearance In The Data Dump Via These Tools
While Facebook was busy crafting a response to the incident, the cybersecurity community worked on developing tools for the public.
After the news surfaced online, people became concerned about whether they had been affected by this incident. Users kept asking for ways to access the database to verify whether their phone numbers remained safe.
To address this, Troy Hunt of HaveIBeenPwned has uploaded the data (with phone numbers) to the HIBP website.
Numerous other tools, developed privately to help Facebook users, also surfaced online. However, it’s always best to avoid entering phone numbers (or other personal details) into random websites.
Thus, we recommend that readers use only HaveIBeenPwned to check for the possible exposure of their phone number(s).