1. SEJ
  2.  ⋅ 
  3. Tools

Are You One Of The 533 Million Facebook Users Who Had Their Data Stolen?

Facebook calls recent data leak ‘old news.’ Discover why the information is still valuable to cybercriminals and whether your data was stolen.

Facebook data breach

Data scraped from Facebook between June 2017 and April 2018 was leaked to a low-level hacking forum on 3rd April 2021.

The leaked data included information from 533 million Facebook users, including:

  • Account creation data
  • Date of birth
  • Email address
  • Facebook ID
  • Facebook bio
  • Full name
  • Location
  • Marriage details
  • Phone number
  • Past location
  • Relationship data

The hacked users may not have had all of these data points stolen, and it’s currently difficult to ascertain precisely what information and from whom the data was scraped.

The leak includes information from users across 106 countries with 32 million records belonging to Facebook users in the U.S., 11 million records from the U.K. and more across Europe:

Facebook data leak numbersSourced from Politico

The leak was discovered by Alon Gal, Hudson Rock’s Chief Technology Officer:

Alon told Business Insider:

“Individuals signing up to a reputable company like Facebook are trusting them with their data, and Facebook [is] supposed to treat the data with utmost respect,”

He also stated that the data leak is a breach of trust and should be dealt with accordingly.

Facebook Calls The Personal Information Leak ‘Old News’

Liz Bourgeois, Facebook’s Director of Strategic Response Communications, tweeted on the day the leak was discovered, calling it ‘old news.’

However, personal details such as email addresses, full names, phone numbers, and locations do not change regularly, so this latest leak is still valuable to cybercriminals who could use this information fraudulently.

Although not all of the information will be relevant today, it’s fair to presume that a lot will be, leaving users susceptible to phishing attacks and smishing; whereby hackers or cybercriminals try to make their victims click on a link or answer a text message.

Ulrich Kelber, a German Federal Data Regulator tweeted a picture of one attempt:

His comment alongside the image translates to:

Ulrich Kelber tweet translation

Ivan Righi, a cyberthreat intelligence analyst at Digital Shadows, has stated that the personal information would originally have been available at a high price, limiting the number of hackers opting to purchase the information.

He specified that the information was likely resold multiple times until the asking price became so low that it was published publicly, which is typical hacker behavior.

He also stated that:

“While the data may be old, it still holds a lot of value to cybercriminals.”

It’s possible that this information can be used to access accounts that require two-factor authentication, such as bank accounts.

At the very least, Facebook victims can expect an increase in nuisance calls.

Related: 7 Urgent Steps to Take When Your Facebook Account Gets Hacked

Is This A GDPR Breach?

The Information Commissioner Office states that the relevant regulator must be notified of any significant data breaches or leaks within 72 hours.

Whether Facebook is in breach of the EU’s General Data Protection Regulation (GDPR) legislation is currently up for discussion.

The original leak happened before GDPR was implemented; however, because the social platform states that they closed the breach in 2019, a year after GDPR was activated, there are questions about whether they should have followed the notification process.

Ireland’s Data Protection Commission stated yesterday that investigations were underway to ascertain whether any rules were violated.

Can You Find Out If Your Information Was Scraped?

You can discover if your email address or phone number was leaked using a tool called Have I Been Pwned? Troy Hunt, creator of the tool and Regional Director and MVP of Microsoft has stated that the tool can be used to discover whether you are a victim of the leak:

Facebook Speaks Out

Facebook’s Product Management Director, Mike Clark, published an article yesterday discussing the breach.

The article discloses that the information was scraped using a Facebook contact importer feature designed to help users find and connect with their friends.

When the social platform became aware of how hackers used this feature, they implemented updates.

Keeping your Facebook account safe

The article advises users to update the ‘How people find and contact you’ control, carry out privacy checkups regularly and enable two-factor authentication.

Unfortunately, hacks are not a new thing, and as the internet develops, so shall technology that takes advantage of any data available.

Twitter users were victims of hacks on 15th July 2020, and WordPress also has its troubles. Unfortunately, protection against these events is often reactive as hackers find new vulnerabilities to exploit.

Other articles covering the story:

Hot for security
Business insider

Category News Tools
Rebekah Dunne Content executive & SEJ news writer at Sweet Digital

Rebekah has six years experience in the world of digital. When she isn’t writing news stories for Search Engine Journal ...

Are You One Of The 533 Million Facebook Users Who Had Their Data Stolen?

Subscribe To Our Newsletter.

Conquer your day with daily search marketing news.