Last week, Business Insider revealed that data of more than 530 million users, including information like their phone numbers and dates of birth, were made freely available in a public database.
The data was obtained using a loophole in the social media platform’s system for synchronizing contacts. The data was breached before 2019 and recently made public in a database.
However, the company, through a blog post, reported that the vulnerability was fixed in September 2019.
“It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019,” the company said in the post.
Scraping is a common tactic that often relies on automated software to lift public information from the internet that can end up being distributed in online forums like this.
Facebook assured that the data breach did not include financial information, health information, or passwords.
The company also added that since it was not something that the users could alter, they deemed informing the users unnecessary.
The EU’s lead regulator for Facebook, Ireland’s Data Protection Commission also accused Facebook of “no proactive communication” about their action on the data leak.