Facebook says the leaked 533M records are a different data set that attackers created by abusing a flaw in a Facebook contacts import feature, not by hacking (Facebook 533m Newmanwired)

Facebook 533m Newmanwired: Facebook says the leaked 533M records are a different data set that attackers created by abusing a flaw in a Facebook contacts import feature, not by hacking

Recently, the data-mining company UpGuard found a trove of user information from Facebook and other social networks that was exposed on Amazon’s cloud storage service. According to Facebook, the leak was due to an issue with their contact import tool which allowed users to upload contact lists of up to 10 million people.

The data exposed included the names of millions of Facebook users, their contact information and “possible relationship details” such as schools, employers and their children.

Facebook says that several weeks ago the company discovered suspicious login activity on its site which led to a review of its internal systems. That review revealed that impacted user names and contact lists were accessed through a security issue in its “Contacts importer” tool. The issue was also present in older versions of Facebook but it has been fixed in more recent ones. The company has also fixed the issue on its site to prevent further unauthorized access.

Facebook says that while the flaw allowed an attacker to take contact lists of up to 10 million people, it did not allow them to access any private messages on Facebook’s site. This was not an issue with its “Messenger” platform however, where contact lists are protected as messages and cannot be exported or copied by anyone other than the owner.

The company says that it is “not able to confirm which specific accounts may have been impacted”, but the UpGuard researchers have said that the leak included the name, phone number, email address, and Facebook ID of more than 400 million users.

UpGuard has estimated that data from at least 187 million users were accessed. The leaked data also included 152,337,174 user name and password combinations for 22,017,024 unique accounts. The company also says that the leaked data included “education, employment and family information” for more than 100 million Facebook users.

Facebook has not disclosed how many of the affected users were located outside U.S. borders, but says that the majority of affected users are in the U.S. and Canada. The company is recommending that all users of their “Contacts importer” tool delete all contact lists stored by this tool and change their Facebook passwords as a precautionary measure against further attacks on their accounts via this flaw.

UpGuard has said that it believes that these leaked data are from named users who used Facebook’s “Download Your Information” tool to grab their data ahead of the company’s 2012 policy change that shut down its API for this purpose. So, according to UpGuard, the people included in this database were likely all active Facebook users since 2012.