Facebook — Data Breach
Executive Summary
Personal data of 533 million Facebook users from 106 countries — including phone numbers, names, locations, birthdates, and email addresses — was posted on a hacking forum for free. The data had been scraped in 2019 via a vulnerability in Facebook's contact importer tool. Facebook chose not to notify affected users.
What Happened
Personal data from 533 million Facebook users across 106 countries was posted for free on a hacking forum in April 2021. The data, which included phone numbers, names, locations, birthdates, and email addresses, had been scraped in 2019 by exploiting a vulnerability in Facebook's contact importer feature that allowed users to find each other by phone number. Facebook fixed the vulnerability in August 2019 but chose not to notify affected users about the data exposure.
Who Is Affected
Over 533 million Facebook users worldwide are affected, with their personal information now publicly available. Nearly every user record in the leaked database contains a mobile phone number, Facebook ID, name, and gender. The leak does not include financial information, health data, or passwords, but the exposed phone numbers and personal details leave users vulnerable to targeted scams and identity-related attacks.
Why It Matters
This breach represents one of the largest exposures of Facebook user data and highlights the company's approach to user notification and accountability. Phone numbers serve as universal identifiers increasingly used for two-factor authentication and identity verification, making their exposure particularly dangerous for users. Facebook's decision not to notify affected users, citing that the data was publicly available and users could not fix the issue themselves, raises serious questions about corporate responsibility when handling user privacy incidents.
AI-Assisted
Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.
Sources