Skip to Content
Silicon Valley

What you need to know about the Facebook data leak

The data trove, uncovered by security researcher Alon Gal, includes phone numbers, email addresses, hometowns, full names, and birth dates.

Zuckerberg
Zuckerberg
AP

The news: The personal data of 533 million Facebook users in more than 106 countries was found to be freely available online last weekend. The data trove, uncovered by security researcher Alon Gal, includes phone numbers, email addresses, hometowns, full names, and birth dates. Initially, Facebook claimed that the data leak was previously reported on in 2019 and that it had patched the vulnerability that caused it that August. But in fact, it appears that Facebook did not properly disclose the breach at the time. The company finally acknowledged it on Tuesday, April 6, in a blog post by product management director Mike Clark.

How it happened: In the blog post, Clark said that Facebook believes the data was scraped from people’s profiles by “malicious actors” using its contact importer tool, which uses people’s contact lists to help them find friends on Facebook. It isn’t clear exactly when the data was scraped, but Facebook says it was “prior to September 2019.” One complicating factor is that it is very common for cyber criminals to combine different data sets and sell them off in different chunks, and Facebook has had many different data breaches over the years (most famously the Cambridge Analytica scandal).

Why the timing matters: The General Data Protection Regulation came into force in European Union countries in May 2018. If this breach happened after that, Facebook could be liable for fines and enforcement action because it failed to disclose the breach to the relevant regulators within 72 hours, as the GDPR stipulates. Ireland’s Data Protection Commission is investigating the breach. In the US, Facebook signed a deal two years ago that gave it immunity from Federal Trade Commission fines for breaches before June 2019, so if the data was stolen after that, it could face action there too.

How to check if you’ve been affected: Although passwords were not leaked, scammers could still use the information for spam emails or robocalls. If you want to see if you’re at risk, go to haveibeenpwned.com and check if your email address or phone number have been breached.  

Keep Reading

Most Popular

open sourcing language models concept
open sourcing language models concept

Meta has built a massive new language AI—and it’s giving it away for free

Facebook’s parent company is inviting researchers to pore over and pick apart the flaws in its version of GPT-3

transplant surgery
transplant surgery

The gene-edited pig heart given to a dying patient was infected with a pig virus

The first transplant of a genetically-modified pig heart into a human may have ended prematurely because of a well-known—and avoidable—risk.

Muhammad bin Salman funds anti-aging research
Muhammad bin Salman funds anti-aging research

Saudi Arabia plans to spend $1 billion a year discovering treatments to slow aging

The oil kingdom fears that its population is aging at an accelerated rate and hopes to test drugs to reverse the problem. First up might be the diabetes drug metformin.

Yann LeCun
Yann LeCun

Yann LeCun has a bold new vision for the future of AI

One of the godfathers of deep learning pulls together old ideas to sketch out a fresh path for AI, but raises as many questions as he answers.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.