Get Help Now



Facebook Data Leak: What Happened and What Should I Do?

Posted April 4, 2020

You may have seen something about a Facebook leak on the news or on your social media feeds. On April 6, Facebook acknowledged that personal information from 533 million Facebook users in more than 106 countries has been compromised. In light of this event, you should take this opportunity to look at your personal data security habits.

What happened?

In 2019, malicious actors used automated software to scrape user data from Facebook via the tools used to import contacts. Facebook became aware of this activity in September 2019 and fixed the vulnerability, but they did not publicly announce their findings. In January 2021 the cybercrime intelligence firm Hudson Rock discovered the database of personal information for sale on a ‘low-level hacking forum.’ The data has since been released on the same forum for free. Facebook has announced that they do not plan to notify affected users.

What was compromised?

According to Facebook, only information that was publicly available on user profiles was included in this dataset. The data trove contains phone numbers, email addresses, hometowns, full names, and birthdates. No sensitive information such as passwords, credit cards, or social security numbers were found in the database, but the personal information leaked could leave users vulnerable to phishing scams or identity fraud.

What should I do?

Our cybersecurity experts recommend the following steps:

  • Change your Facebook password, just in case. If you use your Facebook password for other sites, change those passwords as well.
  • Review your Facebook account activity for any unrecognized posts, messages, or app authorizations.
  • Use a trusted third-party service like HaveIBeenPwned to check whether your information was included in this leak (or other breaches). They have recently updated their service to include phone numbers in the wake of this Facebook event.
  • If your personal information has been compromised, consider fraud or credit monitoring services. Many banks and credit card companies provide this service at little to no charge.
  • For more information, see MIT Technology Review’s article, CNN’s coverage, or Facebook’s official release.


Let’s Discuss Your Cybersecurity Needs

Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Consent to display content from - Youtube
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Consent to display content from - Spotify
Sound Cloud
Consent to display content from - Sound
Contact Us