At the start of April, hackers leaked the data of 533 million Facebook users from 106 countries in an online hacking forum. The leaked data included the private information of Facebook users like full names, phone numbers, email addresses, locations, Facebook IDs, and biographical data.

While hackers obtained the information in 2019, there are serious concerns over how cyber criminals could use this data to launch future attacks. As Alon Gal, Chief Technology Officer of Hudson Rock, explained in a Twitter post, “bad actors will certainly use the information for social engineering, scamming, hacking, and marketing.”

The widespread availability of the data means that malicious entities essentially have a lookup database for compromised Facebook user information. They can pair an individual’s name with their phone number. This makes it much easier to gather information to use in future scams.

This article will take a closer look at how the Facebook leak happened, how users can respond to the increased threat of social engineering, and tips for users to stay safe in the new threat landscape.

The Facebook Data Leak: Here’s What Happened and Why It Matters

Facebook’s Product Management Director Mike Clark stated in a blog post that he believes the data breach first occurred around September 2019, when malicious actors used Facebook’s contact reporter to query user profiles and gather personal information about particular individuals.

All of the information scraped by hackers is now part of an online database where cyber criminals can look up the name and cell phone number of affected users. While Facebook claims to have patched the vulnerability back in 2019, that has done little to contain the damage.

One of the most significant risk factors of the leak is the widespread availability of the data. As Troy Hunt, the creator of the Have I Been Pwned database, noted, “I’m seeing extensive sharing of the data… not just in hacking circles, but very broadly on social media too. This data is everywhere already.”

Now that the data is out there for everyone to see, it’s inevitable that cyber criminals will use the information to concoct future phishing scams and social engineering attempts. Anyone who had their data leaked is at an increased risk of being targeted by future scamming attempts.

How to Protect Yourself Against Social Network and Social Media Data Leaks: Tips for Users

While there’s no way to prevent online companies from falling victim to a data breach or leak, there are several steps users can take to keep their data from being compromised:

1. Be careful what information you share

Before posting, sharing, or updating personal information on a social platform, consider where that data will end up and who will be able to see it. Do not share more data than necessary. This will reduce the risk of any nefarious party acquiring personal information.

2. Adjust your privacy settings

Use your social platform’s privacy settings to control who can see your information. Restricting your posts’ visibility and activity to close friends reduces the likelihood of people you don’t know obtaining personal information.

3. Read privacy policies

Before handing over your information to a service or social platform, read the provider’s privacy policy to see how that information is collected, used, stored, or shared by the organization. Blindly accepting those terms can leave you with no recourse if the service decides to use your data for its own benefit as described in its terms and conditions.

4. Avoid online applications with automated Facebook login

Avoid using any applications that offer automatic sign-in with Facebook credentials so that if a hacker manages to get hold of your Facebook details, they won’t be able to access other accounts and hijack additional sensitive information.

5. Use Two-Factor Authentication

Use two-factor authentication to add another security layer to your account (i.e., a code sent to your phone and a password) to reduce the likelihood of someone being able to access your account if they’ve acquired your password.

6. Update your passwords regularly

Data breaches happen all the time, so regularly replacing your password with a new, strong one will decrease the likelihood of unauthorized access if a hacker leaks your account details online.

7. Use a password manager

If you’re struggling to create and remember strong and unique passwords for each of your online accounts, then using a password manager is an excellent way for you to record all your passwords in a safe place.

8. Watch out for social engineering attempts

Read up on social engineering threats like smishing (phishing via SMS messages) and vishing (phishing via voice messages) so that you’re ready to defend yourself against these common threats.

9. Check if your information has been leaked

Use an online tool like Have I Been Pwned to check if your email or mobile phone number has been leaked during a hack and change your password if you find any of your information has been made publicly available.

10. Be cautious of unusual messages

If one of your contacts sends you an unexpected request or promotes an unusual post, validate its credibility before clicking or responding. A hacker may have compromised their account and be using it to perform a cyber-attack.


The Facebook data leak is another example of a social network breach that has cost users their privacy. So, if you want to protect yourself and your organization’s information from future violations, pay close attention to the privacy policy of the services you use to see where your information will end up.

In reality, the only way to completely avoid breaches like this is to not hand over your information to social networking companies in the first place. But, if you do, exercise caution with the information you share to minimize any associated risk should it fall into the wrong hands.


