Last weekend, it was reported that a database of records of more than 533 million Facebook accounts – including phone numbers, email addresses, birthdays and other personal details – was shared online. Although the leak did not contain sensitive information such as credit card or social security numbers, the data could still be exploited by bad actors.
Facebook (FB) noted earlier this week that the public profile data on its platform was deleted in 2019 using the “contact importer” feature. The company says it has made quick adjustments to the feature to prevent such activities from happening again.
“In this case, we updated it to prevent malicious actors from using software to copy our app and upload a large set of phone numbers to see what matches Facebook users,” said Mike Clark, director of Facebook. project management, said in a blog post on Tuesday.
Although the data is from 2019, this week is the first time it has been posted online. Because the data was deleted from public profiles, Facebook told CNN Business that the company could not be sure exactly which users would be notified and therefore did not intend to warn individuals who might be affected.
Instead, Facebook has released a Help Center page for users who are concerned that their data has been released. The page explains that only information shared in the user profiles at the time of scraping, which means that the information does not contain information shared with users’ friends, for example. It also contains details on how users can customize their privacy settings.
There are third-party websites, including haveibeenpwned.com, where users can search for themselves to see if their personal data has been leaked.
Facebook also said it was “working to take down this data set and will continue to aggressively pursue malicious actors who misuse our tools where possible.”
“While we can not always prevent such datasets from recycling or new ones from appearing, we have a dedicated team focused on this work,” Facebook wrote on the help page.
It’s been a tough week for data security: In addition to the revelation of Facebook, LinkedIn confirmed Thursday night that information in a separate incident was deleted from 500 million user profiles and is now for sale on a website run by hackers.