Facebook has leaked the personal data of 533 million users to the internet. This data includes user birthdates, phone numbers, and geo-locations. Although the data breach has affected users from 106 countries, users in the US, UK, and India have been the most affected – with 32 million, 11 million, and 6 million users in each respective country getting their private data leaked.
In a recent report by the Business Insider, this breach in user privacy began in January and was first spotted by security researcher Alon Gal – who discovered that someone had posted private Facebook user data to a hacker website, leaving these users susceptible to fraud, identify theft, and online scams.
Gal shared screenshots of the leaked data on his Twitter account – warning Facebook users that their personal information was probably out in the open for everyone to see:
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely the phone number used for the account was leaked.
I have yet to see Facebook acknowledging this absolute negligence of your data. https://t.co/ysGCPZm5U3 pic.twitter.com/nM0Fu4GDY8
— Alon Gal (Under the Breach) (@UnderTheBreach) April 3, 2021
Gal also shared his thoughts on Facebook’s negligence in their handling of user data:
“A database of that size containing the private information such as phone numbers of a lot of Facebook’s users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts. Individuals signing up to a reputable company like Facebook are trusting them with their data and Facebook [is] supposed to treat the data with utmost respect. Users having their personal information leaked is a huge breach of trust and should be handled accordingly”.
A Facebook spokesperson addressed the privacy breach allegations on Twitter – arguing that it was from an old data leak in 2019 and had already been resolved:
This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019.
— Liz Bourgeois (@Liz_Shepherd) April 3, 2021
This response from Facebook – however – has not stopped the severe public backlash, with many users unconvinced that their personal data was safe: with its history of faulty security, it is no surprise that Facebook is under extreme public scrutiny.
A lesson for other social media platforms: keep your user’s private information private.