Security News > 2021 > April > Facebook: Stolen Data Scraped from Platform in 2019
The leak of personal data from more than 533 million Facebook users was scraped from their profiles by malicious actors because of a security flaw in the company's platform prior to September 2019, the social media giant said Tuesday.
Threat actors posted that data to a public hacker forum over the weekend, once again raising privacy concerns and putting Facebook in the middle of controversy over its protection, or lack thereof, of user data.
"We believe the data in question was scraped from people's Facebook profiles by malicious actors using our contact importer prior to September 2019," according to the post by Mike Clark, a Facebook product management director.
Ireland's Data Protection Commission is the first watchdog group to say it's looking into the matter because of its possible infringement of the General Data Protection Rule, which mandates that companies disclose data breaches within a certain period of time or face penalties.
"Previous datasets were published in 2019 and 2018 relating to a large-scale scraping of the Facebook website which at the time Facebook advised occurred between June 2017 and April 2018 when Facebook closed off a vulnerability in its phone lookup functionality," the DPC said in the post.
Some of the data leaked over the weekend data may be from a later period which could mean Facebook is in breach of the GDPR, according to the DPC. "The DPC attempted over the weekend to establish the full facts and is continuing to do so," according to the commission, which is working with Facebook to resolve the investigation.