Facebook Inc on Tuesday said a recently reported data leak affecting potentially 530 million users stemmed from a misuse of a feature in 2019 and that the company had plugged the hole after identifying the problem at the time.
Business Insider reported last week that phone numbers and other details from user profiles were available in a public database. Facebook said “malicious actors” had obtained the data prior to September 2019 by “scraping” profiles using a vulnerability in the social media service’s tool to sync contacts.
The company said it identified the issue at the time and modified the tool.
“As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists,” Facebook said in a blog post.
The database appears to be the same set of Facebook-linked telephone numbers that has been circulating in hacker circles since January and whose existence was first reported by tech publication Motherboard, according to Alon Gal, co-founder of Israeli cybercrime intelligence firm Hudson Rock.
An attempt by Reuters to reach the leaker over the messaging service Telegram was not immediately successful.
Gal told Reuters that Facebook users should be alert to “social engineering attacks” by people who may have obtained their phone numbers or other private data in the coming months.
News of the latest leak here was first reported by Business Insider.