According to the company, the data are not the result of a invasion to their systems, but rather the use of a technique known as scraping (scraping or data collection), where automated tools are used to collect data from publicly available pages and profiles.
More specifically, according to Facebook, the data would have been collected before September 2019, with malefactors “abusing” a contact import tool to obtain a limited amount of data about a profile.
- How do I keep my data safe after Facebook leaks?
- Leak exposes passwords of 500 Brazilians with fake account scam
- Federal Police arrest suspect of 223 million CPFs mega leak
Robots passed by the Facebook app and sent a large number of phone numbers to the site, to check which ones were associated with profiles. According to the website Bleeping Computer, who analyzed a sample of the leaked data, all had a cell phone number, unique identifier (Facebook ID), user name and gender.
Facebook claims that the data does not include financial, health or Passwords, and that as soon as the “abuse” of the contact import tool was detected, the tool was modified to prevent it from continuing to happen.
The company claims to be working to take data out of this recent leak, and promises to "continue to aggressively pursue criminals who misuse our tools whenever possible."
"We cannot always prevent data sets like these from being recirculated or new ones from appearing, but we have a team dedicated to this," he says.
Leak under investigation
Scraping or not, the leak of Facebook user data is under investigation in many countries. In Ireland, the Data Protection Commission (DPC) issued a statement last Tuesday (6) reminding that Facebook user data had already been published on the internet in 2018 and 2019.
According to the DPC, Facebook decided not to notify the episode that occurred at that time as a breach of personal information, since the collection took place before the implementation of the GDPR (General Regulation on Data Protection). "The newly published dataset appears to include the original 2018 dataset and combine with additional records, which may be from a later period," explains the agency.
In Russia, the body responsible for media control, censorship and supervision is Roskomnadzor, which also investigates the case. He asks for more complete information on how the leak affects the nearly 10 million Russian users affected. According to the agency, the incident exposed 76,3% of the social network base in the country.
In Brazil, the case is being accompanied by Procon-SP. The agency expects Facebook to detail on which legal bases the treatment of personal data of Brazilians is sustained. "In the case of the need for consent, explain how it was obtained and inform about the measures adopted to comply with the General Data Protection Law, about the policy of data disposal and storage time," he said.