Facebook Security Breach May Affect Millions of Users

A recent Facebook security breach reportedly affected around 14 million users of the social media site and may have compromised sensitive data including gender, birth date, and location.

The September Facebook security breach may not have been as large as the infamous Equifax data breach, but exposed very sensitive information from users, according to a report by Consumer Reports.

“To put this in perspective, can you imagine having access to the personal data of the entire population of New York, Chicago, and Los Angeles?” asked Pam Dixon, executive director of the World Privacy Forum, speaking to Consumer Reports. “That’s about how many people lost personal information in this breach.”

Of the users affected by the Facebook security breach, all reportedly had their names and contact information exposed. However, around 14 million of the affected users also had sensitive information compromised including gender, birthdate, religion, relationship status, location, and recent search history exposed as well.

Although this type of information may seem less harmful than the compromising of information such as social security numbers and payment methods, Consumer Reports says the compromised information may actually be more harmful. The data could be used to launch further attacks, scam other users, or crack security questions.

“Most data breaches involve financial information, but your Facebook account can be misused in a number of ways that are harmful,” says Justin Brookman, director of privacy and technology policy for Consumers Union — the policy and mobilization division of Consumer Reports.

“Accessing your private communications and posts by itself is pretty invasive, but that information could also be used to crack account security questions or to scam you and your friends.”

Additionally, having seemingly irrelevant information may make scams more believable. Small details may allow hackers and identity thieves to craft a believable narrative and access parts of users’ lives which cannot be changed as easily as a credit card.

“If they know specific things—my mom’s name, my kids’ names, their birthdates—they could easily look legitimate,” states Sam McLane, chief technology services officer at cybersecurity firm Arctic Wolf Networks, speaking to Consumer Reports. “They call and say, ‘This is Chase, and we notice that you went to Bob’s House of Tacos last Thursday. Suddenly, it makes it believable enough that I suspend my suspicions.”

If the Facebook security breach were to have exposed information such as social security numbers of payment information, concrete actions could be taken to prevent fraud and identity theft. New cards can be issued for accounts, passwords can be changed, and even a social security number can be reissued.

However, personal information such as date of birth and hometown remain true forever, and damage related to this compromised data may be more difficult to manage. Consumers who were affected by the Facebook data breach can take steps to protect themselves from fraud and further damage.

All users affected by the Facebook data breach should remain vigilant of communications and unsolicited information. Emails with unusual attachments, requests for personal information, and suspect URLs may be malware in disguise. The use of antivirus programs may also assist in monitoring for these sorts of fraudulent behaviors.

Facebook is currently embroiled in a myriad of legal actions, most infamously the Facebook class action lawsuit over the alleged misuse of user data by Cambridge Analytica. Class action lawsuits are also proceeding regarding Facebook advertising, and Pixel service.

Join a Free Facebook Data Breach Class Action Lawsuit Investigation

If you had a Facebook account by Sept. 27 and your account was affected by the Facebook data breach, you may qualify to join this Facebook class action lawsuit investigation.

Learn More