Facebook explains how it secures user data from scraping attempts by hackers

Facebook is the most popular and commercially successful social networking platform in the world; however, the platform is no stranger to data breach incidents, which are reported from time to time.

Recently, data of over 530 million Facebook users was scraped from the site and posted online by hackers. Facebook decided not to disclose this information to users, and the move was widely criticised. The company has explained in a post how it is going to block scraping of data on the site.

The company begins by describing the major difference between authorised scraping, such as that performed by search engines like Google, and unauthorised scraping, which uses automation to collate data; the latter breaches the company’s terms of service.

Explaining further, the company reveals how it secures public datasets. Facebook states that it has been working with researchers to find out whether user information is available publicly as datasets across a range of hosting providers.

The post states that there are no “surefire options” for bringing those leaked datasets offline or taking action against the attackers; however, the company has taken “over 300 enforcement actions”, which include sending cease and desist letters, filing lawsuits or making requests to hosting providers to take down such listings.

One of the major scraping headaches for the company is a technique known as ‘phone number enumeration’, which scrapers use to quickly gain details about users through the phone numbers added to their accounts. The company has stated that it believes scrapers took advantage of the contact importer feature to gain access to user details based on a particular region, and that in this way the data was uploaded to external databases before the flaw was resolved by the company.
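
One way a defender might spot the enumeration pattern described above in contact-import uploads, shown as an added example (it is not Facebook's code or its stated method). The event format, the thresholds and the sample numbers are assumptions constructed for illustration.

```python
from collections import defaultdict

MIN_NUMBERS = 20            # assumed: ignore small address books
SEQ_RATIO_THRESHOLD = 0.5   # assumed: share of numbers adjacent to another upload

def to_int(number):
    """Normalise '+1 555-010-0001' style input to an integer of its digits."""
    digits = "".join(ch for ch in number if ch.isdigit())
    return int(digits) if digits else None

def sequential_ratio(numbers):
    """Fraction of uploaded numbers that differ by 1 from another uploaded number."""
    values = {v for v in map(to_int, numbers) if v is not None}
    if not values:
        return 0.0
    adjacent = sum(1 for v in values if v - 1 in values or v + 1 in values)
    return adjacent / len(values)

def flag_enumeration(events):
    """Aggregate uploads per account; return {account: (unique_count, ratio)}."""
    per_account = defaultdict(list)
    for account, numbers in events:
        # Aggregating first catches a block split across many small requests.
        per_account[account].extend(numbers)
    flagged = {}
    for account, numbers in per_account.items():
        unique = {to_int(n) for n in numbers} - {None}
        ratio = sequential_ratio(numbers)
        if len(unique) >= MIN_NUMBERS and ratio >= SEQ_RATIO_THRESHOLD:
            flagged[account] = (len(unique), round(ratio, 2))
    return flagged

# Constructed sample data (not real logs): one ordinary address book and one
# account that uploads a contiguous number block over three requests.
ORGANIC = ["+1555010%04d" % n for n in (
    12, 340, 977, 1500, 2201, 2202, 4100, 5555, 6021, 6999, 7300,
    7777, 8123, 8500, 8801, 9002, 9100, 9340, 9600, 9999, 1234, 4321)]
EVENTS = [("acct_organic", ORGANIC)]
EVENTS += [("acct_bulk", ["+1555020%04d" % n for n in range(start, start + 50)])
           for start in (0, 50, 100)]

if __name__ == "__main__":
    print(flag_enumeration(EVENTS))
```

A real address book contains the occasional adjacent pair (family or office lines), which is why the check uses a ratio over the account's whole upload history rather than flagging any single consecutive pair.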