-
In May 2018, 14 million people's private posts were shared publicly even though they were initially posted with viewing limitations. Matsakis, Louise. “Facebook Bug Made up to 14 Million Users' Posts Public for Days.” Wired, Conde Nast, 7 June 2018, https://www.wired.com/story/facebook-bug-14-million-users-posts-public/.
-
In September 2018, Facebook announced that attackers had accessed user data, allowing them to see the entire contents of user profiles. Users can view their profile as if they were another user, giving users insights into what other Facebook users could potentially see. Romano, Aja. “Facebook Says 50 Million User Accounts Were Exposed to Hackers.” Vox, Vox, 28 Sept. 2018, https://www.vox.com/2018/9/28/17914598/facebook-new-hack-data-breach-50-million.
-
The New York Times released a report showing that Facebook had violated user's consent on privacy. Even after Facebook promised the FTC it would not share user data without explicit permission, Facebook continued to sell users’ information to over 150 companies.
-
Researchers with the security firm "UpGuard" found approximately 540 million Facebook user records captured by app developers stored in an Amazon cloud public server, making the information accessible to the public through the internet. The data included Facebook IDs, account names, comments, reactions, likes, and more. Team , UpGuard. “Losing Face: Two More Cases of Third-Party Facebook App Data Exposure: Upguard.” RSS, 3 Apr. 2019, https://www.upguard.com/breaches/facebook-user-data-leak.
-
Facebook uploaded 1.5 million users’ email contacts without their permission. When the new user opened their account, Facebook asked the person to enter their email password to verify the email. Choudhury, Saheli Roy. “Facebook Says It 'Unintentionally Uploaded' 1.5 Million Users' Email Contacts without Permission.” CNBC, CNBC, 18 Apr. 2019, https://www.cnbc.com/2019/04/18/facebook-reportedly-uploaded-people-email-contacts-without-consent.html.
-
The Federal Trade Commission announced a $5 billion fine and mandated a new round of requirements to bring Facebook in line. Coldewey, Devin, and Natasha Lomas. “Facebook Settles with FTC: $5 Billion and New Privacy Guarantees.” TechCrunch, TechCrunch, 26 July 2019, https://techcrunch.com/2019/07/24/facebook-settles-with-ftc-5-billion-and-new-privacy-guarantees/.
-
An unsecured server holding personal data on 419 million Facebook users was found in September 2019. The server was publicly accessible, allowing potentially anyone to find the Facebook ID and phone number of the impacted user. In some cases, the user’s name, and country location. Whittaker, Zack. “A Huge Database of Facebook Users' Phone Numbers Found Online.” TechCrunch, TechCrunch, 25 Nov. 2020, https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/.
-
Facebook user data from approximately 267 million accounts was found unprotected on the dark web. The data included names, phone numbers, and Facebook IDs. New York , CBS. “Over 267 Million Facebook Users Have Account Info Exposed on Dark Web in Massive Data Breach.” CBS News, CBS Interactive, 21 Dec. 2019, https://www.cbsnews.com/newyork/news/facebook-dark-web-data-breach/.
-
Facebook engineers discovered an issue that enabled third-party developers to access personal data on users they should not have had access to. Thousands of developers could still see data on inactive users if those inactive users were Facebook friends with someone who was an active user. Wagner, Kurt, and Bloomberg. “Facebook Admits Another Blunder with User Data.” Fortune, Fortune, 2 July 2020, https://fortune.com/2020/07/01/facebook-user-data-apps-blunder/.
-
In April 2021, a trove of data pertaining to over 530 million Facebook users was publicly posted in an online hacking forum. The leaked data appears to have been scraped from Facebook in 2019, when a group of hackers exploited a vulnerability in Facebook’s contact importer. NEWS, CBS. “Facebook Faces Investigation over Data Breach.” BBC News, BBC, 14 Apr. 2021, https://www.bbc.com/news/technology-56745734.