Irish DPC says Facebook data leak affects “significant number" of EU users

The regulator is investigating the data leak involving the personal details of 533 million users

Ireland’s Data Protection Commission (DPC) is investigating the Facebook data leak involving the personal details of 533 million users.

The DPC, the Irish supervisory authority responsible for monitoring the application of GDPR, stated that of the 533 million individuals caught up in the leak, a “significant number” are EU users. It also said that much of the data appears to have been scraped some time ago from public Facebook profiles.

The DPC also explained that previous datasets were published in 2019 and 2018 and related to a large-scale scraping of the social media giant’s website, which Facebook advised occurred between June 2017 and April 2018, when it closed off a vulnerability in its phone lookup functionality.

“Because the scraping took place prior to GDPR, Facebook chose not to notify this as a personal data breach under GDPR,” wrote the DPC.“The newly published dataset seems to comprise the original 2018 (pre GDPR) dataset and combined with additional records, which may be from a later period.”

The DPC stated it had attempted to establish the full facts of the leak and is continuing to do so, although it has received “no proactive communication from Facebook”.

After the DPC contacted Facebook “through a number of channels”, the social media giant stated that the information in the dataset was publicly available and scraped prior to changes made to the platform in 2018 and 2019. 

“As I am sure you can appreciate, the data at issue appears to have been collated by third parties and potentially stems from multiple sources. It therefore requires extensive investigation to establish its provenance with a level of confidence sufficient to provide your Office and our users with additional information,” Facebook told the DPC.

Furthermore, the DPC said that some of the records released on the “hacker website” contain phone numbers and email address of users, which creates risks for users who may be spammed for marketing purposes.

Facebook stated in a blog post that it believes malicious actors used the organisation’s contact importer to scrape data from users’ Facebook profiles prior to September 2019. 

“Through the previous functionality, they [malicious actors] were able to query a set of user profiles and obtain a limited set of information about those users included in their public profiles. The information did not include financial information, health information or passwords,” it stated.

Have I Been Pwned, a free service created by security blogger Troy Hunter, has added phone number functionality to its database to allow users to see if their personal numbers have been exposed in the latest Facebook data leak.

The data of 533 million users was published by a hacker on a low-level hacking forum over the weekend. The data was available to be downloaded for free and allowed anyone to look up a Facebook user’s record using their phone number. The records, which represented around a fifth of the company’s entire user base, contained phone numbers, full names, birth dates and more.

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

Improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now


Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021

Most Popular

Dell XPS 15 (2021) review: The best just got better

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022
Sony pulls out of MWC 2022
Business operations

Sony pulls out of MWC 2022

14 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022