Facebook has stated that it will not notify the 533 million users who had their personal data accessed in a data breach occurring before August 2019.
Business Insider reported that the stolen data was recently made public in a database on an amateur hacking forum. The stolen user data includes phone numbers, full names, locations, some email addresses, and other profile information.
The data breach affected users in 106 countries.
Facebook stated in a blog post that hackers exploited a vulnerability in a feature that allowed users to find each other by phone number. The feature is no longer being used on the platform.
Facebook reported that it found and fixed the problem in August 2019 and that cybercriminals can no longer use the same method to steal data.
According to a spokesperson for Facebook, the organization decided not to notify users because it is not confident which users need to be notified and the stolen information did not include financial or health information or passwords. In addition, the information was publicly available and users could not fix the issue themselves.
However, according to security experts, the data leak still leaves Facebook users vulnerable. The founder of CyberScout said that phone numbers are a universal identifier and it creates danger for people when their phone number is public.
For example, two-factor authentication frequently relies on phone numbers to verify a person's identity. Emma Bowman "After Data Breach Exposes 530 Million, Facebook Says It Will Not Notify Users" npr.org (Apr. 09, 2021).