Facebook didn’t notify any of the more than 530 million users whose details were part of the recent data leak — and does not have any current plans to do so, a company spokesperson told Reuters on Wednesday.
Following a Business Insider report last week, Facebook confirmed that “malicious actors” scraped more than 530 million users’ data prior to September 2019 by exploiting Facebook’s contact synching tool.
Thankfully, Facebook confirmed that the scraped information didn’t include health or financial information, or passwords, but it did include information that could be valuable for hackers.
Information leaked online included phone numbers, birth dates, full names, email addresses and more.
According to Reuters, Facebook wasn’t even sure it knew which users needed to be notified of the hack and, on account of the fact that there’s nothing individual users can do to fix the issue, it decided to simply… not tell anyone.
If you’re scratching your head wondering how the heck Facebook came to that conclusion, you’re not alone.
However, they did confirm that they fixed the loophole after they identified how the “malicious actors” scraped the data. So that’s good, I guess.
Although Facebook has zero plans to notify you if your data was caught up in the leak, there are other ways to find this out for yourself.
Thanks to Microsoft Regional Director Troy Hunt, who created haveibeenpwned.com, you can simply search your email or phone number and find out if your account was compromised.
However, it’s worth noting that searching with your mobile number, rather than your email, comes with its own security risks. But ultimately, Hunt believes the reward outweighs the risk in this case.
“There’s over 500M phone numbers but only a few million email addresses so >99% of people were getting a ‘miss’ when they should have gotten a ‘hit,’” Hunt said on his website while explaining why he added the phone number search option.
“The phone numbers were easy to parse out from (mostly) well-formatted files. They were also all normalised (sp) into a nice consistent format with a country code. In short, this data set completely turned all my reasons for not doing this on its head.”
You can check if you’ve been pwned here.