(CNN Business) — Facebook does not plan to notify its users who may be among the 500 million whose personal information was exposed after being published on a website used by hackers.
Last weekend it was reported that a database of records of more than 533 million Facebook accounts, including phone numbers, email addresses, birthdays and other personal information, had been shared online. . Although the leak did not include sensitive information, such as credit card or social security numbers, the data could be exploited by criminals.
Facebook noted earlier this week that data was pulled from public profiles on its platform in 2019 using its “contact importer” feature. The company says it quickly made adjustments to the feature to prevent such activity from happening again.
“In this case, we updated it to prevent malicious actors from using software to mimic our application and upload a large set of phone numbers to see which ones matched Facebook users,” said Facebook’s director of project management, Mike Clark, in a blog post on Tuesday.
Although the data is from 2019, this week is the first time it has been published online. Because the data was pulled from public profiles, Facebook told CNN Business, the company cannot be sure exactly which users would need to be notified, and therefore does not plan to alert people who were potentially affected.
Facebook measures against the leak
Instead, Facebook has published a help page for users concerned that their details may have been disclosed. The page explains that the stolen information was only that which was publicly shared on user profiles at the time of extraction. This means that the data does not include information that was shared only with users’ friends, for example. It also details how users can adjust their privacy settings.
There are third-party websites, such as haveibeenpwned.com, where users can register to see if their personal data has been leaked.
Facebook also said it is “working to get this dataset removed and will continue to aggressively target malicious actors who misuse our tools whenever possible.”
“While we can’t always prevent data sets like these from being circulated again or new ones from appearing, we have a team dedicated to this work,” Facebook wrote on the help page.
It’s been a tough week for data security: In addition to the Facebook disclosure, LinkedIn confirmed late Thursday that, in a separate incident, information had been extracted from 500 million profiles of its users and is now up to date. sale on a site used by hackers.