533 Million Facebook Users’ Information Leaked

Over Half A Billion Users Have Had Private Information, Including Phone Numbers, Leaked


Facebook users’ privacy has been compromised once more, on a huge scale. Credit: Image by Gerd Altmann from Pixabay

Kate Stout, Writer

People in over a hundred countries have suddenly found their personal information and contact information publicly available on the internet.  Facebook has remained largely quiet on the issue and does not seem to be taking responsibility for the leak, changing some students’ opinions on the app.  

What Caused the Leak? 

Facebook claimed that the data came from the exploitation of a design flaw that was meant to link phone contacts to Facebook profiles.  Instagram and Facebook both shared this flaw, which allowed “actors” link random phone numbers to people’s names and other personal identifiers.  Forbes released an article that centered around the privacy concerns for Instagram users, although the recent leak seems to affect only those who have a Facebook account.  

At the time of the incident Facebook was remarkably quiet.  Even though the information had been scrapped sometime in 2019, Facebook did not notify its users of the event.  The company seems to still be unaware of the extent of what happened, although the bug that caused the vulnerability has been dealt with.   

Having all of this information publicly available is increasingly dangerous now, when keeping phone numbers private is more important than ever.  WIRED highlighted that having all of the information linked together (rather than just a list of random phone numbers) could put people at risk.  

“It’s all the kind of information that may already have been leaked or scraped from some other source, but it’s yet another resource that links all that data together—and ties it to each victim—presenting tidy profiles to scammers, phishers, and spammers on a silver platter,” WIRED writer Lily Hay Newman stated.  

Facebook responded in a blog post, explaining what had occurred. The Guardian and WIRED both expressed skepticism at Facebook’s response, especially since Facebook has been avoiding The Guardian’s questions regarding the leak.  The company was careful to emphasize that the data was scraped and that they were not hacked and claimed that the way the data had been collected was already explained in 2019.  

“Scraping is a common tactic that often relies on automated software to lift public information from the internet that can end up being distributed in online forums like this,” Product management director Mike Clark “The methods used to obtain this data set were previously reported in 2019.” 

In addition to this Facebook addressed that users of the app should be conscious of their own decisions when it came to privacy settings and neglected to ever accept the blame or apologize for the massive leak of 533 million people’s personal information.  

“While we addressed the issue identified in 2019, it’s always good for everyone to make sure that their settings align with what they want to be sharing publicly. In this case, updating the “How People Find and Contact You” control could be helpful,” Clark explained. “We also recommend people do regular privacy checkups to make sure that their settings are in the right place, including who can see certain information on their profile and enabling two-factor authentication.”  

Past & Future  

The current Facebook leak is not the first that the company has received bad publicity about failing to protect its users’ information or their first time dealing with leaked data on a large scale.  While 533 million may be a new record, 2018’s Facebook-Cambridge Analytica Scandal was not unlike this incident.  

During the Facebook-Cambridge Analytica Scandal the information of potentially 87 million people was compromised.  Worse still, the information was used to promote political agendas by specifically targeting political ads at certain people.  The result of the scandal (among other privacy issues regarding Facebook) was, in the United States alone, a fine of $5 billion by the Federal Trade Commission. 

In 2018 Facebook was hacked as well, resulting in personal information of 30 million people to be leaked.  Again in 2019 Facebook failed to protect its users’ phone numbers.  Reported by TedCrunch, more phone numbers from Facebook were available to find in an exposed server that was not protected by a password.  Including the phone numbers of over a hundred million American users.  

The impact of the current leak and the potential legal repercussions for Facebook are still not entirely clear, since the data was leaked only earlier this month.  In the U.S., WIRED explained that it might not be possible for the FTC to fine Facebook again, since the information was scrapped back in 2019 even if it was released to the public in 2021.  Since 2019’s fine was about Facebook’s privacy shortcomings in general, the current leak may fall under that umbrella fine. 

The Washington Post explained that not much could be done federally to Facebook, although some states with specific privacy statutes may be able to take legal action.  In Europe, though, Facebook could be facing charges.  A digital rights group in Ireland is urging people who live in the European Union to join in on a mass action lawsuit, as reported by TedCrunch 

For Facebook users concerned about their safety the website haveibeenpwned.com (created by web security consultant Troy Hunt) can tell if someone has had their information leaked after a user enters an email address or phone number.  Beyond this, there does not seem to be any actions individuals can take to confirm their privacy.  

 Student Thoughts 

Students and teachers have mixed feelings on the leak, but Freshman Ralph Antoine did not seem willing to condemn Facebook’s actions, even though he was initially concerned for his safety.  

“My reaction to the leak made me scared and confused. They could have your phone number or birthday. But, later on the feeling of being in danger went away. The leak is not as bad as it seems. Yeah it’s still bad, but my privacy was protected anyway. 

Antoine joined Facebook as a child, but his use of the app has dwindled.  He explained his reasoning for his lack of concern regarding the new Facebook leak, pointing out that Facebook is far from the only company to have its users’ information leaked.  

The reason why Facebook isn’t bad because Facebook is like other companies who make mistakes. For example, Sony has been hacked and leaked a bunch of important information. Companies have made mistakes before and the leak from Facebook is not as bad as it seems. 

Facebook user and English teacher Mrs. McKenna Hosek blamed Facebook for not protecting her information. While she will continue to use the app, she is cautious about how she uses it. 

I still use Facebook; however, I am wary to release any of my personal information on it, and I do not use it as much as I once did,” Hosek said. I have also refrained from putting anything to serious on the social media site due to the lack of security.”   

Hosek said that Facebook has a big responsibility in protecting its users, but that she was not shocked to hear about what had happenedShe went on to explain that the website should have had a “total reboot” in response to the leak.  

My reaction to the leak resulted in a strong eye roll, while I think it’s very frustrating that the leak happened, I am not surprised,” Hosek explained. Facebook is a very controlling company that plays a large role in politics, which can lead to a slippery slope when dealing with millions of people’s private information.” 

Antoine also had a final point for everyone who uses Facebook and other forms of social media, point out that users must be mindful that they deserve privacy, but mistakes are inevitable.   

Well people must fight with their privacy to feel safe. Without having to feel in danger because a company they trusted leaked their information and of course our safety is not guaranteed. People make mistakes and those people who made the companies that you trust, also make mistakes.”  

The current leak of hundreds of millions of people’s information is far from the first-time social media users’ have had their privacy compromised, and unless something changes very soon, it is unlikely to be the last.