KUALA LUMPUR – Social media giant Facebook insists that the personal data of 530 million users – including 11 million Malaysians – recently leaked to hackers was “scraped” from one of its open contact features, and not hacked from its internal systems.
In a blog post on its corporate website, Facebook product management director Mike Clark said malicious actors had obtained the data using a common “scraping” tactic that relies on automated software to lift public information from the internet.
He explained that the data can end up being distributed in online forums, adding that the methods used to obtain the data set were previously reported in 2019.
Clark said Facebook believes the data involved was scraped from people’s Facebook profiles using the platform’s contact importer feature prior to September 2019.
The feature, he said, was designed to help people easily find their friends to connect with on the service using their contact lists.
After Facebook became aware of how malicious actors were using this feature in 2019, the developers made changes to the contact importer, Clark said.
“In this case, we updated it to prevent malicious actors from using software to imitate our app and upload a large set of phone numbers to see which ones matched Facebook users,” he said.
“Through the previous functionality, they were able to query a set of user profiles and obtain a limited set of information about those users included in their public profiles. The information did not include financial information, health information, or passwords.
“This is another example of the ongoing, adversarial relationship technology companies have with fraudsters who intentionally break platform policies to scrape internet services,” Clark said.
“As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists.”
Over 11 million Malaysians affected
On Monday, local technology portal Lowyat.net reported that over 11 million Malaysian Facebook users are purportedly among the more than 500 million accounts whose information was leaked on an online hackers’ forum recently.
The massive data leak was first reported by Business Insider on April 3, which said the exposed data includes the personal information of over 533 million Facebook users from 106 countries.
This included more than 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India, Business Insider reported.
The number of local users, totalling 11,675,894, was revealed by Alon Gal, who is the co-founder and chief technology officer of Israeli cybersecurity company Hudson Rock.
Gal gave a breakdown of affected accounts by country in a tweet on January 14, which was retweeted on April 3.
Other than Facebook IDs, Gal pointed out that users’ phone numbers, full names, locations, past locations, birthdays, relationship statuses, bios, and email addresses are also among the details leaked. – The Vibes, April 8, 2021