Does anyone know that FB got hacked?

Facebook, one of the world’s largest social media platforms with over 2 billion monthly active users, appears to have suffered a major security breach, with personal information of over 500 million users reportedly stolen and posted online. This raises critical questions around Facebook’s security protocols and ability to protect user data.

What happened in the Facebook hack?

On April 2nd, 2021, Business Insider first reported that phone numbers, Facebook IDs, locations, birthdates, and email addresses of 533 million Facebook users from over 100 countries were posted in a hacking forum. The leaked data contains sensitive personal information of Facebook users from several years ago.

This is one of the largest leaks of Facebook user data to date. While Facebook user passwords were not leaked, the exposed personal information still poses serious risks around identity theft and targeted phishing attacks.

How did the hacker access and leak Facebook user data?

It appears the hacker exploited a vulnerability in Facebook’s contact importer feature, which allows users to find other users by phone number or email address. By writing a computer program to automatically submit millions of phone numbers to this tool, the hacker was able to obtain associated user IDs and other personal details that were subsequently leaked online.

This vulnerability was reported to Facebook and fixed in 2019. However, the leaked data seems to be from an earlier breach, before Facebook patched the importer tool weakness. This highlights Facebook’s previous security oversights and inability to protect user data.

What information was exposed in the Facebook data leak?

For over 500 million Facebook users, the following personal information was leaked and posted publicly online:

  • Phone numbers
  • Facebook IDs
  • Full names
  • Locations
  • Birthdates
  • Bios
  • Email addresses

In some cases, the details include the user’s past locations, dates of birth, emails, and other sensitive account information. This data could be used by cybercriminals for identity theft, targeted phishing scams, or other malicious activity.

Where did the leaked data originate from?

The leaked records seem to come from various sources and countries where Facebook operates, including:

  • 32 million records from the US
  • 11 million records from the UK
  • 6 million records from India
  • Over 1 million records each from Australia and Canada
  • User records from dozens of other countries

This indicates that the security breach was widespread, affecting Facebook’s global user base across its platforms, including both Facebook and Instagram accounts.

How has Facebook responded to the data breach?

A Facebook spokesperson stated that the leaked data was “old” and previously reported in 2019, when the vulnerability was first discovered and fixed. They emphasized that the data was obtained “before the flaw was fixed” in August 2019.

Facebook claims there is “no evidence” of hackers obtaining this data by exploiting the patched vulnerability after September 2019. They also warned that malicious actors may attempt to profit from selling the stolen data online.

However, Facebook has not directly notified impacted users or fully verified the extent and scope of the leaked data. They have not yet disclosed specific details around the initial 2019 security incident or subsequent vulnerabilities that the hacker potentially exploited.

Should impacted Facebook users be worried?

Even though the breach happened years ago, security experts strongly recommend that users stay vigilant against potential risks from this massive data leak, including:

  • Phishing attacks – Due to exposed emails and phone numbers, users are vulnerable to targeted phishing scams and communication from threat actors posing as legitimate entities. These attacks trick users into sharing passwords, bank information, or other sensitive data.
  • Identity theft – With stolen names, birthdates, locations, and other account details, criminals can impersonate Facebook users or steal their identities for financial fraud and other nefarious activity.
  • Account hacking – If used together with passwords obtained from other sites via credential stuffing, the Facebook information could allow hackers to break into user accounts and profiles.
  • Online tracking – Phone numbers and emails can potentially be used to track, profile and target Facebook users more easily across the internet and social media.

Users should be vigilant about unsolicited communications, review account security settings, enable two-factor authentication if available, and watch for signs of fraudulent activity.

What could Facebook have done to prevent this?

Facebook had several opportunities to prevent or mitigate the impact of this breach:

  • Earlier detection – The vulnerability in the contacts importer API that the hacker exploited was only fixed by Facebook in 2019, despite being previously reported. Prompt action could’ve safeguarded user data.
  • Limiting data access – The ability to scrape millions of phone numbers and harvest associated user details should have been restricted by Facebook’s systems to prevent large-scale data leaks.
  • Increased transparency – Users should have been clearly informed by Facebook whenever high-risk security bugs were discovered that could have exposed their information.
  • Ongoing audits – Regular security reviews and penetration testing of features prone to scraping vulnerabilities could have detected the importer issue sooner.

Facebook has faced criticism in the past for security oversights and lack of transparency around breaches. Preventative measures like audit processes, restricted API access, and user alerts could have helped mitigate this incident.
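The "limiting data access" point can be made concrete with a detector for bulk lookups against a contact-matching endpoint. This is an added example, not Facebook's code: the log fields (timestamp, client ID, phone number), the client names, and all thresholds are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict, deque

WINDOW_SECONDS = 3600   # assumed look-back window per client
MAX_DISTINCT = 500      # assumed ceiling for a genuine address-book upload
MIN_FOR_SEQ = 20        # assumed minimum sample before the range check applies
SEQ_RATIO_ALERT = 0.5   # assumed share of numbers whose successor was also queried


def sequential_ratio(numbers):
    """Fraction of numbers whose +1 neighbour is also present.
    Real address books are scattered; generated ranges score close to 1."""
    if not numbers:
        return 0.0
    return sum(1 for n in numbers if n + 1 in numbers) / len(numbers)


def detect_enumeration(events, window=WINDOW_SECONDS, max_distinct=MAX_DISTINCT):
    """events: time-ordered (epoch_seconds, client_id, phone_digits) tuples.
    Returns {client_id: reason} for clients whose lookups look like enumeration."""
    queues = defaultdict(deque)     # client -> (ts, number) inside the window
    counts = defaultdict(Counter)   # client -> distinct numbers inside the window
    flagged = {}
    for ts, client, phone in events:
        if client in flagged:
            continue
        q, seen = queues[client], counts[client]
        number = int(phone)
        q.append((ts, number))
        seen[number] += 1
        while q[0][0] <= ts - window:          # expire lookups older than the window
            _, old = q.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        if len(seen) > max_distinct:
            flagged[client] = "volume"
        elif len(seen) >= MIN_FOR_SEQ and sequential_ratio(seen) >= SEQ_RATIO_ALERT:
            flagged[client] = "sequential"
    return flagged


def constructed_sample():
    """Constructed events: one normal client, one slow range walk, one bulk client."""
    ev = [(i * 10, "app-legit", 15550000000 + i * 7919) for i in range(60)]
    ev += [(i * 30, "app-slow", 15551230000 + i) for i in range(40)]
    ev += [(i, "app-bulk", 15559000000 + i * 13) for i in range(600)]
    return sorted(ev)


if __name__ == "__main__":
    print(detect_enumeration(constructed_sample()))
```

The sequential check matters because a slow range walk stays under any pure volume limit; in the sample, `app-slow` is flagged after only 20 lookups.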

What should impacted users do now?

If you suspect your Facebook account information was part of the breach, here are key steps to take:

  • Turn on two-factor authentication for your Facebook account, if not enabled already. This will require an additional login step via SMS code, authenticator app, or security key.
  • Change your Facebook password to a new, strong, and unique password that you don’t use on any other sites.
  • Review all your Facebook account settings, privacy options, login locations, and authorized apps/devices to watch for anything suspicious.
  • Beware of unsolicited emails, texts, or calls claiming to be from Facebook. Don’t click suspicious links or provide any sensitive information.
  • Consider using a password manager to keep your credentials secure.
  • Monitor your accounts and credit reports closely for signs of fraudulent activity.

You can also contact Facebook support to get additional help securing your account if it may have been impacted by this breach.

Conclusion

The exposure of personal data belonging to over 500 million Facebook users in a recent large-scale security breach highlights serious concerns around Facebook’s ability to protect user privacy and prevent data leaks.

While Facebook claims the data is “old” from a vulnerability fixed in 2019, security experts warn users to remain vigilant against phishing, identity theft, and account compromise. Facebook could have limited the breach through better data access controls, faster patching, and increased transparency.

If you suspect your information was exposed, take preventative steps like improved account security, password changes, and monitoring your online identity and accounts. Going forward, Facebook must prioritize security and privacy to prevent further damage to user trust and safety.