In the past hours, facebook has also published a post on its official blog explaining all the facts about what happened. Is said that the information has not been stolen by penetrating facebook systems, but by abusing a function that is no longer available from September 2019. However, the user does not change much: the personal data of 533 million people, including phone numbers, names, addresses and much more are still on the net and are freely accessible to all.
Fortunately, a method to verify if your personal data is finished online is: just head over to have i been pwned and enter the phone number in international format (eg. Everything comes from the import of contactsfacebook, therefore, also considers that the data is old and not necessarily updated. But it is true that a person does not change phone number (or name, if it is for this) too often .
For the rest, facebook says it’s working to make the database go offline, but it looks like it’s impossible. A situation that remains unclearfor many security experts, however, the facebook response to the incident was lacunosa and the situation remains unclear. This could also affect the investigations of the authorities to understand whether the latter event represents a violation of the gdpr, the European privacy law, which could cost facebook sums of money.
It is interesting to report in this regard that the Irish privacy provider says he has not received proactive communication from facebook.