Everything you need to know on the Facebook data breach
A data leak of more than half a billion users
By Thorin Bristow & Talia Goury
Sat 10 April 2021
What exactly happened?
On Saturday 3rd April, phone numbers and personal details of 533 million Facebook users were exposed in an online forum, by a low level hacker.
The personal information leaked - stolen from 11 million UK, 30 million American and 7 million Australian Facebook users - includes Facebook IDs, relationship status email addresses, birth dates, phone numbers, locations, and biographical information.
What's even more surprising is that Mark Zuckerberg - the founder of Facebook - was also a victim of this data leak. Ironically, his personal phone number was amongst the information exposed in the data breach.
How worried should we be about this Facebook data leak?
Facebook has insisted that this specific breach dates back to January 2019 and that the information has since been secured. This Facebook leak was initially uncovered by Alon Gal, Chief Technology Officer of the cybercrime intelligence at Hudson Rock.
He came across this leaked data when a user in the same forum started advertising a software able to provide phone numbers of millions of Facebook users.
It was also disclosed that malicious actors took advantage of a security vulnerability, which was patched by Facebook in the same year, to scrap the huge data. This means that only users who created their Facebook after 2019 are immune from this breach.
Facebook claim to be a lot less vulnerable to such hackings, having "found and fixed" the breach over year ago, after seeing the data of 80 million users violated in the Cambridge Analytica scandal.
In terms of security, there wasn't much more Facebook could do once news of this old data breach came out but warning users of this breach could have helped them stay alert to future phishing and scams.
"Individuals signing up to a reputable company like Facebook are trusting them with their data, and Facebook [is] supposed to treat the data with utmost respect," Gal said. "Users having their personal information leaked is a huge breach of trust and should be handled accordingly."
Old or new: should it matter?
While post-breach account users can sleep in peace, there seems to be slightly too much emphasis on the precise date of the leak and not enough focus around user privacy.
Despite it being an old breach, the information leaked remains extremely valuable to cybercriminals worldwide and puts all 533 million international users at risk of identity fraud and financial harm.
According to Gal, "A database of that size containing the private information such as phone numbers of a lot of Facebook's users would certainly lead to bad actors taking advantage of the data to perform social-engineering attacks [or] hacking attempts".
How to know if your personal data was exposed in this breach
While this breach has caused havoc amongst worldwide Facebook users, it has also managed to shed light on various online tools that offer more clarity in situations like these. For example, the website Have I Been Pwned allows anyone to enter their details and check whether or not their information has been compromised in any way.
The platform now allows users to enter their mobile number as well as their email address, in order to gain confirmation on whether or not it appears in the leaked database.
If you have any questions or concerns about Facebook's data breach, please contact our customer support team.