Facebook Inc on Tuesday said a recently reported data leak affecting potentially 530 million users stemmed from a misuse of a feature in 2019 and that the company had plugged the hole after identifying the problem at the time.
Business Insider reported last week that phone numbers and other details from user profiles were available in a public database. Facebook said “malicious actors” had obtained the data prior to September 2019 by “scraping” profiles using a vulnerability in the social media service’s tool to sync contacts.
The company said it identified the issue at the time and modified the tool.
“As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists,” Facebook said in a blog post.
Last week it was reported that information on more than 500 million Facebook Inc users — including phone numbers and other data — is being offered by an individual virtually for free.
The database appears to be the same set of Facebook-linked telephone numbers that has been circulating in hacker circles since January and whose existence was first reported by tech publication Motherboard, according to Alon Gal, co-founder of Israeli cybercrime intelligence firm Hudson Rock.