Cyber agency asks Indian Facebook users to enhance account privacy after global data leak

It is the federal technology arm to combat cyber attacks and guard the Indian cyber space against phishing and hacking assaults and similar online attacks.

Published: 20th April 2021 01:19 PM  |   Last Updated: 20th April 2021 01:19 PM   |  A+A-

Facebook’s SDK caused similar crashes in May.

Facebook logo (File | AP )


NEW DELHI: Country's cyber security agency CERT-In has advised Facebook users to strengthen their account privacy settings after a recent global 'data scraping' incident in the social media platform was detected that affected about 61 lakh Indians.

"As the Facebook platform evolves and grows, parts of your account could be public. Data could also be collected and shared in ways you don't know about," the Indian Computer Emergency Response Team or CERT-In said in a public advisory issued on Monday.

It is the federal technology arm to combat cyber attacks and guard the Indian cyber space against phishing and hacking assaults and similar online attacks.

"It has been reported that globally there has been a large scale leakage of Facebook profile information. The exposed information includes email addresses, profile ID, full name, job occupation, phone numbers and birth date."

"According to Facebook, the scraped information does not include financial information, health information or passwords, however information from more than 450 million unique Facebook profiles globally, including approximately 61 lakh Indian individuals, has been made publicly available in multiple cyber criminal forums for free," the advisory said while explaining the breach.

A cyber security expert had spoken about this online leak earlier this month, which was acknowledged by the company, stating that "this is old data that was previously reported on in 2019. We found and fixed this issue in August 2019".

The CERT-In said that Facebook has claimed that this 'data scraping' happened by using the "contact importer" feature of the platform, which allows users to find other users by using their phone numbers.

"Facebook stated that this feature was changed in September 2019, following the discovery that threat actors were abusing the feature.

"However, while Facebook modified the feature in 2019 to thwart this kind of abuse, the phone numbers of 450 million global users had already been harvested by malicious actors, along with other identifying information on users," it said.

Dejargonising the term 'data scraping', the advisory said it refers to the process of using automated software or scripts to harvest public information from sites, such as any information users make publicly available in their profiles like names, city, occupation, among others.

"Cyber criminals may scrape data from sites for a variety of purposes, including spamming, information gathering and social engineering attacks."

"They can also sell scrapped data for a profit to other cyber criminals, marketing companies or call centres," it said.

The advisory, while asking users of this popular social media platform to follow good cyber hygiene practices, also said that Facebook has advised individuals to "make sure that their privacy settings reflect what information they want to share publicly and who they want to be able to look them by phone number".

Facebook, it added, has also recommended account holders to enable two-factor authentication also know as 2FA.

It also recommended that users can consider changing their profile settings to "private" or "friends" only as data scrapers can use "public" information of an individual to "match and combine with data from other breaches to access even more of their personal information and accounts".

It also asked users to adjust their settings to who can find and contact them on Facebook and consider whether to set them all to "friends" or stricter for stronger security.

In a similar incident reported in March 2018, Facebook data of over 5.62 lakh Indians was allegedly compromised as UK-based Cambridge Analytica had accessed information of about 87 million users globally.

The Central Bureau of Investigation (CBI) is now probing this data breach on charges of profiteering and manipulating elections by illegal harvesting of Indian user data.

India is among the biggest markets for Facebook and its group companies, WhatsApp and Instagram and according to government data, the country has 41 crore Facebook users, 53 crore WhatsApp users and 21 crore users of Instagram.

India Matters


Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on are those of the comment writers alone. They do not represent the views or opinions of or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp