533 Million Facebook Users Have Their Accounts Breached in Data Hack

Evan Green, Staff Reporter

What is the Facebook Data Breach?

One of the larger news pieces so far in April, the Facebook data breach that first began circulating on Saturday, April 3rd, has major implications, both for the users that were affected, as well as Facebook and its lackluster response to the incident.

In short, a vulnerability in Facebook’s system allowed hackers to obtain multiple pieces of information on specific users, including name, Facebook ID, locations, birthdates, and in some cases email addresses. Technically, this hack did not take place recently. The issue was first discovered in August 2019 and was patched by Facebook employees. However, Facebook did not notify users regarding this breach, which is why the issue is only being brought up now, as the data circulates across the internet.

What Caused the Breach?

As stated earlier, this breach took place in August 2019 and was caused by a vulnerability in Facebook’s contacts features data miners exploited to access large amounts of user data that could be sold on the internet for varying prices. This is not a very uncommon practice, and social media sites are notorious for their frequent data hacks. The main features setting this breach apart from others are the scale, with nearly 20% of Facebook users being affected, as well as the variety of information that leaked with such as phone numbers, employers, and even relationship status in some cases.

The fact that the breach took place in 2019 does not mean that it is not significant, however, as much of the information that was stolen does not change very frequently for most people, and so a lot of the data can still be used by scammers to commit fraud and/or send unwanted spam calls and messages to users whose information was leaked. While this data breach may be one of the most significant security failures to occur through Facebook, it is most certainly not the only one, as the company has a long history of poor privacy features being exploited by hackers.

History of Facebook Data Leaks

Facebook is widely considered to be one of the least secure social media platforms when it comes to protecting user data. This is quite an accomplishment considering just how terrible many social media services are in this field. According to an article by SelfKey, Facebook is responsible for the most data leaked in 2019 out of all major social media websites. Throughout Facebook’s history, there have been numerous data breaches, but there are a few, in particular, that stands out as particularly important.

The first major breach of Facebook user data occurred in June 2013, when the company discovered that a bug had been revealing the personal information of users for over a year without Facebook’s knowledge. This breach affected around 6 million users and included phone numbers and email addresses. Moving ahead to 2018, in May of that year roughly 14 million users had their private posts be released publicly on the app, completely destroying the privacy of the platform. This only occurred for around five days, but served as one of the major scandals regarding user privacy.

One of the worst years for data breaches at Facebook was 2019, with the first occurring in March and affecting over 600 million users. This breach was only accessible to Facebook employees but allowed over 2000 different employees access to user passwords which were being stored in non-encrypted, easily accessible files. Then in April, it was discovered that 540 million user accounts were being stored on a public server. Although it is unknown if any hackers utilized this weakness, it did take months for the issue to be resolved by the company that was hosting the server. With all of these breaches, it should be of little surprise that many users are simply shrugging off Facebook’s latest failure, as privacy issues like this have become a staple of the platform.

How is Facebook Responding to the Incident?

Facebook has received a large amount of backlash regarding its response to this incident, mainly due to the lack of transparency. This is because Facebook was aware of this issue nearly a year and a half ago, and yet they did not notify their users in any meaningful way. The company claims that they addressed the issue in a Forbes article from 2019, but this article was actually addressing an entirely different privacy issue occurring on the Facebook-owned service Instagram and did not address the Facebook breach in any way. 

This situation could actually stir up legal issues for Facebook, as some European countries have laws that require companies to inform users when their data is leaked. In particular, the Irish Data Protection Commission is currently investigating the breach to see if it violated their rules. Facebook also claims that since the data breach originally occurred in 2019, they have no obligation to inform their users about the issue now, which has also prompted massive amounts of backlash.

How to know if you were Affected by the Breach

Despite the frequency of these breaches, it is still very important to know whether or not your data has been stolen, as hackers can use this data in many different negative ways. The easiest way to determine if your email address has been released publicly is to visit the website haveibeenpwned.com. This website allows you to enter either your email address or phone number to see if these accounts have been released in a data breach. The website will inform you if your account has been breached, as well as what specific websites your information was taken from. The phone number feature was only recently added with this specific Facebook breach being one of the main reasons why the feature was implemented.

What to do if your Data was Leaked

One of the main things users should do if their information was released in this data breach is to keep an eye out for any potential online scams that may be sent their way. This includes emails and phone calls that may attempt to impersonate legitimate businesses such as doctor’s offices. If this occurs, the best course of action is to hang up without revealing any information, find the official number of the business, and call them to ask if the call was legitimate. 

What can be done to Prevent Future Breaches

One of the most important steps that users can take when trying to protect their internet privacy is to secure their passwords. It may be tempting to just reuse the same password over and over again on different websites, but this can have major consequences if one of those websites has its data leaked. If this happens, hackers can access basically all of the user’s accounts across all of the internet. There are many different services that can help users come up with unique and safe passwords, with some of the most trusted including 1password and LastPass. 

In addition to securing passwords, users should be wary of anyone attempting to ask for personal information of any kind on the internet. Locations, phone numbers, and other personal information should all be kept as confidential as possible on the internet, as this data can be used negatively by scammers.