Facebook confirmed, last Wednesday (7), what many already suspected: the database containing information from more than 533 million social network users is not a new leak, nor is it the result of a cyber incident. It is just a collection of materials collected by malicious agents who used the technique known as “data scraping” – or scraping of data, in a free translation.
Data scraping is nothing more than using botnets to scour social networks and collect information that Internet users have configured as public. Perhaps accidentally? Perhaps. Maybe on purpose? Perhaps. But that explains why the only data that was exposed is things like name, phone number, email address, occupation, gender, etc; passwords and sensitive content were not affected.
“The data in question was extracted from people’s profiles on Facebook by malicious agents using our contact importer before September 2019. This feature was designed to help people easily find their friends to connect to our services using their contact lists, ”explained the company in an official statement. Such an importer was deactivated after the incident.
Then you ask: “Okay, but so what?”. We replied: “Yeah, that’s it”. The social network has limited itself to saying that making malicious use of tools designed to help its users violates its usage policies and that the company will work to contain the spread of the exposed base. Still, this is not enough to prevent impacts on the victims of scraping. To Reuters, a platform spokesman said those affected will not even be notified.
So, the way is – at least for now – to use the Have I Been Pwned platform? so you can find out if your profile has been “scraped”, and, if so, to double your attention against any phishing attempts or similar scams.