FoxPointe Security Hub

Over 500 Million Facebook User Records Leaked


On April 2, 2021, it was confirmed that a malicious user published the phone numbers and personal data of hundreds of millions of Facebook users for free online. The information, spanning from users across the globe, includes phone numbers, user IDs, full names, locations, birthdates, and some email addresses.

A similar cybersecurity incident occurred at Facebook in 2019, when data was breached from the site due to an exploited vulnerability. Facebook stated that the vulnerability has since been patched, but nevertheless, the data has been compromised again and published into a free online database that was seen in a hacking forum for anyone to peruse.

Malicious users could use the leaked personal information to impersonate users or scam them with a phishing scheme or social engineering attack. Many reports are calling on Facebook to send out personal notifications to all users whose information was directly compromised. However, users should not hesitate to take the following actions:

  1. Immediately change your Facebook login credentials.
  2. Remove any personal information from your bio that is not mandatory.
  3. Remain vigilant with regard to any suspicious email or potential scam.
  4. Change all other passwords that were reused on other sites including your work account login.

FoxPointe Solutions is immediately available and ready to assist you with securing your data and answering any questions you may have, contact us today.

This article was written and produced by Christopher Salone, CCSFP, MBA, FoxPointe Solutions. Looking to get in touch with Christopher? Reach out today:

FoxPointe Solutions is solely responsible only for the content of FoxPointe Solutions authored information and is subject to change at any time. Any forward-looking statements are not predictions. FoxPointe Solutions is not responsible for any errors or omissions, or for the results obtained from the use of this information. Questions regarding your legal or compliance position should be addressed through your legal counsel, security advisor and/or your relevant standard authority. Nothing contained herein should be used nor relied upon as advice nor constitute a consultant-client relationship.