Data from 500 million Facebook users leaked and shared for public download

A massive set of data leaked from Facebook, covering more than 500 million users, was collected and shared online.

The data is ordered by country, and for each country an export list can be downloaded as a clear-text file.

[Image: Screenshot from Facebook data leak]

The data is structured and fields are separated by colons, containing mobile phone number, first name, last name and other fields such as residence, job or marital status (if entered by the user).

The data leak contains data from ordinary people just like you and me, but also from government officials and celebrities. The following excerpt from the Switzerland export shows the private information, including the mobile phone number, of Ignazio Cassis, the foreign secretary of Switzerland:

[Image: Data from leaked Facebook export. Caption: Facebook data leak also contains private information from government officials and celebrities]

The data can be verified with the actual profile:

[Image: Facebook profile of Ignazio Cassis. Caption: Facebook profile of Swiss foreign secretary]

The data leak is a serious privacy issue. Facebook published a statement (The Facts on News Reports about Facebook Data), trying to play down the data leak.

Malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019.

Mike Clark, Product Management Director at Facebook Inc.

Whether the data was obtained through a systems hack or by scraping the platform, it is nevertheless a serious issue. According to Facebook's statement, it is believed that a former tool (Contact Importer) was abused to scrape the data of millions of users. Facebook changed the way this tool works in 2019, which should prevent such data scraping (according to Facebook).

We believe the data in question was scraped from people’s Facebook profiles by malicious actors using our contact importer prior to September 2019.

Facebook statement on the data leak

The fact that there is no 100% certainty, even from Facebook, shows that there are (hidden? public?) ways of exporting the data of Facebook's users, obviously without any high-security authorization.

Hats off to the Facebook users who never provided a phone number to Facebook. That was a very wise decision.

Claudio Kuenzler
Claudio has written well over 1000 articles on his own blog since 2008. He is fascinated by technology, especially Open Source Software. As a Senior Systems Engineer he has seen and solved a lot of problems, and he writes about them.
