Facebook CEO Mark Zuckerberg’s own personal information was among the details of 533 million Facebook users that leaked in a data breach, it has emerged.
Facebook has now confirmed that the leaked data was obtained not by a hack, but by scraping the platform prior to September 2019. The company now says that an exploit was found in its contact importer, but the “specific issue that allowed them to scrape this data in 2019 no longer exists.”
Facebook has not clarified exactly what personal information leaked about the 533 million users, and has only said that “the information did not include financial information, health information or passwords.” Although the company has not issued an apology over the data breach, it has said that Facebook is “focused on protecting people’s data” and recommends that “people do regular privacy checkups to make sure that their settings are in the right place, including who can see certain information on their profile and enabling two-factor authentication.”
Wired reported late last week that the personal information of a number of high-profile individuals was among the leaked details, including those of Zuckerberg:
The information from more than 500 million Facebook users in more than 106 countries contains Facebook IDs, phone numbers, and other information about early Facebook users like Mark Zuckerburg and US secretary of Transportation Pete Buttigieg, as well as the European Union commissioner for data protection, Didier Reynders. Other victims include 61 people who list the “Federal Trade Commission” and 651 people who list “Attorney General” in their details on Facebook.
Facebook and its subsidiary, Instagram, were found to be the most “invasive” apps for collecting data from users under Apple’s app privacy labels. The company has also come under fire from security researchers for collecting and using data from link previews in Facebook Messenger and Instagram in a way that would breach European privacy law.
Facebook has suffered from major data breaches in the past. In 2018, a security vulnerability allowed hackers to steal data on 29 million Facebook users, including personal details about usernames, relationship status, religion, birthdate, location, and more.