Data breach that involves records of 533 million people points to Facebook

A dataset, appearing to be sourced from Facebook, has appeared on a hacking website and contains records of 533 million individuals, Ireland’s Data Protection Commission (DPC) says.

‘Much of the data appears to have been data scraped some time ago from Facebook public profiles. Previous datasets were published in 2019 and 2018 relating to a large-scale scraping of the Facebook website which at the time Facebook advised occurred between June 2017 and April 2018 when Facebook closed off a vulnerability in its phone lookup functionality. Because the scraping took place prior to GDPR, Facebook chose not to notify this as a personal data breach under GDPR.’

‘The newly published dataset seems to comprise the original 2018 (pre GDPR) dataset and combined with additional records, which may be from a later period,’ the DPC says.

Facebook has assured the DPC it is giving highest priority to providing firm answers to the DPC. Facebook said it had "found and fixed" the breach more than a year-and-a-half ago, but the information has now been published in a hacking forum.

See DPC statement, re: Dataset appearing online