Facebook says the leak of 533 million users’ data online wasn’t a hack

Facebook CEO Mark Zuckerberg in Washington, DC, on October 23, 2019. Andrew Harnik/AP

  • Insider reported last week that data for 533 million Facebook users was posted on a hacking forum.

  • Facebook on Tuesday said the data was “scraped” sometime before September 2019.

  • Its explanation for what happened doesn’t quite make sense.

Facebook wants you to know that the leak of 533 million users’ data on an online hacking forum wasn’t a hack – or at least not a new one.

Insider reported on Saturday that 533 million Facebook users’ personal details, including names, email addresses, and phone numbers, had been posted to a low-level hacking forum.

Facebook published a blog post on Tuesday explaining why it had not disclosed the apparent breach.

Facebook said the data had not been obtained by hacking into its systems. Instead, it said it had been scraped off the platform at some point before September 2019.

“Scraping is a common tactic that often relies on automated software to lift public information from the internet that can end up being distributed in online forums like this,” the Facebook product-management director Mike Clark wrote in the blog post.

Clark said the method used to obtain the data exploited a vulnerability in Facebook’s contact importer, a tool that allows users to find the Facebook profiles of people using phone numbers. Facebook says that it fixed that particular vulnerability in August 2019 and that it was previously reported on.

This would mean it was not a new breach and the company therefore wasn’t obliged to notify anyone about it.

As reported by Wired’s Lily Hay Newman, however, Facebook’s timeline doesn’t quite make sense.

Facebook’s post links to a September 2019 CNET article as an example of previous reporting on the data leak. CNET’s article refers back to a September 2019 article from TechCrunch, which details a server containing the data of 419 million Facebook users being exposed online.

A Facebook representative told TechCrunch in 2019: “This data set is old and appears to have…