Facebook Says Previously Undisclosed Theft of 533 Million Users' Data Was Scraping, Not Breach
metacurity.substack.com
Facebook Says Previously Undisclosed Theft of 533 Million Users' Data Was Scraping, Not Breach
Signal will handle cryptocurrency payments, New Android malware distributed by faux Netflix tool, EU orgs targeted with intrusions, $38M worth of stolen gift, payment cards sold on forum, more
Share
Facebook Says Previously Undisclosed Theft of 533 Million Users' Data Was Scraping, Not Breach
metacurity.substack.com
Don’t miss out on breaking infosec news. Follow us on Twitter for updates.
A massive trove of around 533 million Facebook users’ data that is circulating on hacker forums came from a 2019 breach that Facebook did not disclose in any significant detail at the time and only fully acknowledged Tuesday evening. Facebook makes a fine distinction regarding this breach, saying that the data was stolen via scraping and not technically an intrusion into protected systems.
The records stolen by the hackers come from an entirely different data set than any of the other numerous data breaches Facebook has experienced in recent years. The attackers accomplished the data theft by abusing a flaw in a Facebook address book contacts import feature, which Facebook said it patched in August 2019. Facebook says it did not notify users about this exploitation because there are so many troves of semipublic user data taken from Facebook and other companies out in the world
Users can check whether their phone…
Keep reading with a 7-day free trial
Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.