Facebook has confirmed that a load of personal information was harvested from its servers, and uploaded freely to the internet, due to a feature gone wrong.
The data, according to the social media giant, was not stolen in a hack but through malicious use of the feature that allows users to import their contacts.
The “contact importer” feature was intended to allow people to upload their contacts from their phone to Facebook, and find people they might know.
However, malicious actors have succeeded in using it to scrape the personal information of about 535 million users on the platform, including that of the CEO, Mark Zuckerberg.
Although, Facebook said the error that made the leak possible has been fixed since September, 2019; but over the weekend, it became clear that the data had made its way to the public, greatly increasing the risk that anyone involved in it might face.
Facebook explained that the data was not stolen from Facebook directly, but instead “scraped”, using automated software to gather information that was later made public.
“This is another example of the ongoing, adversarial relationship technology companies have with fraudsters who intentionally break platform policies to scrape internet services. As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists,” Facebook said
Facebook however, added that the information “did not include financial information, health information or passwords”.
How to check if your data was among the leak
HaveIBeenPwned is a website that allows Internet users to check whether their personal data has been compromised by data breaches.
In this context, you can search through email addresses and phone numbers to check if your data is among those in the massive Facebook breach, or any other breaches.