The Facebook data breach that affects over 533 million users explained

If you’re a Facebook user, brace yourself for this one. It’s recently come to light that 533 million Facebook users’ details were found on a very suspicious hacker forum. The details found include users’ phone numbers, Facebook IDs, full names, locations, birthdays, and email addresses – all typical information that is stored on a Facebook account. Due to the sensitivity of this data, serious concern has been raised about the further cybersecurity risk it creates: the chance that affected individuals will be targeted by hackers seeking, for example, access to their bank details. Where these phone numbers are used for 2-factor authentication, hackers would be able to use them to bypass the security measures that are there to protect users.

Facebook hack explained

Firstly, all of this sensitive user data had been offered for sale on a hacker forum at a very high price, which is probably why there was a limited number of bidders actively going for it at the time. However, the price then dropped significantly, making it much more affordable for people to buy and use illegally. Worse yet, all of this Facebook data has recently been discovered for free on a not-very-sophisticated hackers’ forum. 

This does not mean, however, that the data has no value. The data is still very lucrative to marketing companies and 3rd party businesses that will sell this data to other companies, who can select exactly what details they want from the list and then target individuals with spam calls, texts, and emails. Ultimately, this list of over 500 million users has given scammers a verified contact list that they can actively target and profit from, making it a massive crisis for both Facebook and its users alike. 

Has this happened to Facebook before?

As the data Goliath that Facebook is, this sort of issue is unfortunately not a one-off. Back in 2018, Facebook experienced the same issue where data was scraped from its site and sold off in hacker forums at a premium rate. This hack didn’t make a lot of noise in the media but one that we are all very familiar with is that of Cambridge Analytica. 

It was a time when Mark Zuckerberg had to face the Senate’s questions and explain the role Facebook played, giving the famous response “I’ll look into this and get back to you”. Just to be clear, Cambridge Analytica did not hack Facebook, but they accessed over 87 million accounts without any consent. It made the news when the media found that this data was used to target individuals ahead of the upcoming 2016 election, raising the question of how this could have impacted the results.

What does Facebook have to say about this hack? 

One of the major issues with this recent news has been the lack of information Facebook had given, right up until it was made public. Arguably, the hushed response from Facebook has proven massively unhelpful to those of us who could be victims of this data breach and who have many questions that need answering.

In a recent blog on Facebook’s site, Mike Clark wrote “It is important to understand that the malicious actors obtained this data not through hacking our systems but by scraping it from our platform” in an attempt to try to reassure the public and its users that the security on Facebook is not affected by this. Mike also explained how the actors managed to scrape the information – “We believe that data in question was scraped from people’s Facebook profiles by malicious actors using our contact importer”. This feature was “designed to help people easily find their friends to connect with our services using their contact list”. The good news for all Facebook users is that this issue was fixed in August 2019 once Facebook was made aware of it. 

What does this mean for Facebook now?

With all the recent bad press around Facebook, this definitely hasn’t come at an ideal time. As this hack concerns identifiable information, it could mean more legal battles for the tech giant and with that, more fines. 

In Europe, where GDPR was introduced in 2018, the Facebook hack could mean a hefty fine, since the company did not disclose or report the breach within the 30-day time limit that the law requires. Facebook also failed to alert its users directly or to disclose which users were affected. It’s important to note, however, that not all of the data found on the hacked list is from 2018/2019, which means Facebook did not breach any GDPR rules for this selection.

Currently, the Irish government, EU data commission, and the UK have started investigations into this as the penalties for companies that breach this rule are high. The US will also be investigating this with the Federal Trade Commission looking into the steps Facebook took during and after this event. 

The impact of this hack on Facebook

Facebook does not only need to worry about the financial cost of fines; more importantly, it now needs to try to rebuild trust with its users. Facebook has a lot of ground to make up, as its handling of this breach hasn’t exactly been well received. Ironically, the data breach also made Zuckerberg’s contact number available, which may cause Facebook to clamp down harder on its protocol.

There are a lot of things Facebook needs to do and personally, I think it’s imperative to act fast and make sure your users are the number one priority. Facebook should have contacted the affected individuals immediately, giving them the chance to take precautions before anyone could do further damage to their data. 

Here at StatusCake, we believe in making sure that all of your data is protected. By the end of April 2021, we’ll have new functionality that will tell you if your email address and/or password have previously been compromised when you sign up for a StatusCake account. This gives you extra peace of mind and the ability to look further into any issues that may show that your details have previously been compromised. Alongside this, we offer domain monitoring, server monitoring, and virus scanning to always keep you in the know of any potential malicious threats that could be lurking beneath the surface of your website. Maybe Facebook might sign up for a trial after this hack? 
