Facebook has attributed the leak of 533 million users’ data, as reported by Insider on Tuesday, to a data collection vulnerability that it previously identified in 2019. The company said Wednesday that malicious actors exploited a Facebook feature released in 2019 by using a method of scraping — an often automated process of netting unsecured public data — to collect users phone numbers, locations, birthdates, full names and other personally identifiable information.
Facebook said in a statement it has since taken action to prevent further exploitation of this feature.
“As a result of the action we took, we are confident that the specific issue that allowed them to scrape this data in 2019 no longer exists,” Facebook said in a Tuesday blog post.
The company said the technical flaw that created the vulnerability was found in the app’s ability to import contacts from a user’s phone. The captured data was previously reported on in January, after appearing for sale on Telegram. The dataset is now available for free.
To check whether a particular Facebook account was affected, users can search the breach-tracking website Have I Been Pwned.