WGNO

Facebook confirms data was stolen, doesn’t plan to notify the 533 million users

FILE - This March 29, 2018, file photo shows the Facebook logo on screens at the Nasdaq MarketSite, in New York's Times Square. (AP Photo/Richard Drew, File)

(NEXSTAR) – On Tuesday, Facebook addressed reports that 533 million user of the social media site had their data stolen in a “scraping” incident that happened back in 2019.

In a Facebook blog post, the tech company said it was aware of the issue and that the stolen data — including phone numbers, birth dates and, in some cases, email addresses — was a result not of hacking, but of “scraping.”


“It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019,” the blog post reads.

Scraping is a “common tactic,” Facebook said, which “often relies on automated software to lift public information from the internet and can end up being distributed in online forums,” as was the case with the recently reported 2019 hack.

“We believe the data in question was scraped from people’s Facebook profiles by malicious actors using our contact importer prior to September 2019. This feature was designed to help people easily find their friends to connect with on our services using their contact lists,” Facebook said.

The company added that it had fixed the contact importer, and it is “confident” that a problem “no longer exists.”

Facebook did not respond to a direct request for further comment by the time of publication.

A spokesperson told Reuters that Facebook does not plan to notify the more than 530 million people who’s data was scraped.

Per Reuters, the spokesperson said the company was “not confident it had full visibility on which users would need to be notified” and that “users could not fix the issue.”

There is a way to check if you were one of the users who’s data was scraped.

All you have to do is input your email address or phone number to the website HaveIbeenpwned.com, and it will inform you whether you’ve been subject to a security breach. The method works only if you were one of the users whose phone number or email were stolen, however.