Massive Leak: Hacker Claims to Have Unveiled 1.2 Billion Facebook User Records
A hacker claims to have compromised the personal data of 1.2 billion Facebook users, potentially making this one of the largest security breaches linked to the platform and raising new concerns about user privacy and data protection on social media.
Tl;dr
- 1.2 billion Facebook profiles exposed via API breach.
- Leaked data includes names, emails, and phone numbers.
- Meta criticized for lacking robust API protections.
A Familiar Pattern: API Vulnerabilities Strike Again
The specter of yet another massive data breach is looming over Facebook, as a fresh incident shakes confidence in the security posture of its parent company, Meta. Reports from the specialized site Cybernews indicate that a hacker exploited an API vulnerability to siphon off a staggering 1.2 billion Facebook profiles. The dataset—reportedly published on a notorious data leak forum—contains sensitive details, notably names, email addresses, phone numbers, and usernames. This raises pressing questions about whether current API security measures are remotely sufficient.
Authenticity Confirmed: The Scope Comes Into Focus
Following the initial disclosure, cybersecurity researchers at Cybernews moved swiftly to verify the threat’s seriousness. After examining a sample of 100,000 leaked records, their verdict was unequivocal: the information appeared genuine. Although there is still some uncertainty regarding the total scale—the hacker in question had only made a second post—the potential impact is undeniably severe. As Jurgita Lapienytė, editor-in-chief at Cybernews, put it: « If this leak is confirmed, it would be one of the largest information thefts ever suffered by Facebook. »
Several factors drive such concern among experts:
Repercussions and Repeated Mistakes
Reflecting on industry history provides little comfort. This episode closely echoes previous incidents, most notably the high-profile 2021 breach where data belonging to over 500 million Facebook users—including phone numbers and locations—was posted online. That earlier exposure led regulators in Ireland to fine Meta €265 million. But lessons appear to have gone unheeded: APIs continue to serve as both an indispensable tool and a recurrent Achilles’ heel—not just for social media giants but for companies like Shopify or OpenAI, both recently beset by similar issues.
A Persistent Lack of Foresight on Data Security
At the heart of the controversy lies a familiar pattern: « Incidents keep repeating at Meta; action comes only after breaches rather than through anticipatory protection of sensitive API-accessible information, » say analysts at Cybernews. The upshot is clear: user trust erodes further with every new incident. Meanwhile, those whose data has been exposed face dangers extending far beyond mere spam—ranging from advanced phishing scams and financial fraud to long-term invasions of privacy.
With APIs remaining essential yet vulnerable building blocks across digital platforms, the latest breach at Meta stands as another urgent call for more vigilant, preventive safeguards in our interconnected world.