A widespread Facebook breach compromised the personal information of more than 533 million Facebook users from across 106 countries on Saturday.
Over the weekend, a user in a hacking forum published full names, Facebook IDs, phone numbers, birthdays and small addresses. A Facebook spokesperson told Insider that the information had actually been retrieved years prior, in 2019, when the social media platform noticed a flaw that led to the data leak. Facebook subsequently patched the issue that year — but not before millions of phone numbers were scraped from its servers. As a result, the delayed publication of personal data on Saturday has left millions of users vulnerable to potential threats and attacks from cybercriminals.
In response, third-party website Haveibeenpwned is now helping users determine whether their information was taken. The process is simple: visitors enter their phone numbers or email addresses, and the site answers the search with a simple yes or no. The site checks not only whether personal information from Facebook has been leaked, but also data from other websites, including Gab and Oxfam.
In promoting the site’s services earlier this week, Haveibeenpwned creator and security expert Troy Hunt, along with other cybersecurity specialists, questioned the truth behind Facebook’s claims and pushed for more transparency.
“The problem with this whole situation is that in a vacuum of information, people speculate,” he wrote on Twitter. “Facebook needs to make a clear statement on the data that’s in broad circulation; when it happened, where it came from and what’s in it. Without that, confusion and speculation reign.”
In response, the social media company published a lengthy blog post yesterday, reiterating that the data was not hacked.
“It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019,” the company said. “Scraping is a common tactic that often relies on automated software to lift public information from the internet that can end up being distributed in online forums like this. The methods used to obtain this data set were previously reported in 2019.”