Skip to content

Facebook Data Breaches: Timeline Upto Dec. 2023

facebook data breaches with timeline

In this article we have covered the full timeline of Facebook data breaches up to the end of 2023. These breaches have resulted in the exposure of the personal information of millions of people, and have led to some major security concerns.

We haven’t seen any Facebook data breaches happen in the year 2023 so far. Below, we’ll tell you more about the social media company’s data breaches and privacy violations history. The most recent one happened in the past.

Latest Update

Link History is a new feature that lets you see a list of all the links you’ve clicked on within the Facebook mobile app over the past 30 days.
It’s essentially a way to track your browsing activity within the Facebook ecosystem, making it easier to revisit previously viewed content.
While some users find Link History helpful for recalling past articles or websites, others have raised concerns about privacy and data collection.
The information stored in Link History can be used by Facebook for targeted advertising, which might raise eyebrows for those who value online privacy.

Facebook Privacy Breach Lawsuit Settlement Claims

Facebook has agreed to pay an sum of $725 million to its platform users as a settlement amount for Cambridge Analytica scandal. The lawsuit was filed against Facebook for sharing its users’ personal information with third parties.

If you are a Facebook user from United State between May 24, 2007 – December 22, 2022, you are eligible for the cash payment from a Class Action Settlement (CAS).

Click on this link to Submit Your Claim Online on or before August 25, 2023 at 11:59 PM PT.

Important Dates To Remember

  • July 26, 2023 – Opt-Out Deadline
  • July 26, 2023 – Objection Deadline
  • August 25, 2023 – Claim Deadline
  • September 7, 2023 at 1:00 PM PDT – Final Approval Hearing

April 2021 – Facebook Data Breach

In April 2021, a large amount of data belonging to users was posted on an online hacking forum. The data appears to have been scraped from Facebook in 2019 when a group of hackers exploited a vulnerability in Facebook’s contact importer.

Back then, Facebook allowed users to easily find people by entering phone numbers into a contact importer. However, hackers were able to scrape users’ profile data by exploiting this feature.

Most data scraped were tied to users’ phone numbers, but only 2.5 million email addresses were obtained.

Facebook fixed a vulnerability in September 2019 that could have allowed unauthorized access to user data. However, the company decided not to notify the 530 million users whose personal data was potentially exposed as a result.

In an internal memo, Facebook dismissed the incident as an unavoidable data scraping issue and stressed the importance of framing it as a broader industry issue. Facebook has been fined by the European Union for violating its General Data Protection Regulation (GDPR).

The Irish Data Protection Commission is proposing a fine of up to 36 million euros for the privacy violations that took place in October 2021.

To check if your data may have been breached, you can visit This website will provide you with information on whether your personal information has been compromised.

June 2020 – Facebook Data Breach

In June 2020, Facebook engineers discovered an issue that allowed third-party developers to access the personal data of users who should not have had access to it.

The company has a new policy that only allows developers to access customer data within 90 days of using the developer’s app.

This means that developers won’t be able to access customer data that they collected while using Facebook’s app in the past.

Facebook was not able to fully fix the issue until recently, but until then, developers could still see data about people who were inactive. This was especially true if those people were friends with someone who was active on Facebook.

December 2019 – Facebook Data Breach

We’re sorry to hear that Facebook user data of 267 million accounts was found on the dark web in December 2019. This is unacceptable and we’re doing everything we can to prevent it from happening again. In March 2020, a second server was found that had data of 42 million more people.

This makes the total number of people who had their data exposed to hackers over the course of the year 309 million.

Both servers were connected to the same criminal group of hackers, which is believed to have used Facebook API abuse or illegal scraping to capture data.

This batch of stolen data was for sale on the dark web again in April 2020. Once data is exposed, it isn’t easy to prevent it from being used again.

September 2019 – Facebook Data Breach

In September 2019, an unsecured server was found that held the personal data of nearly 419 million users. This server was publicly accessible, meaning anyone could access the Facebook ID and phone number of the impacted users.

Some of the user’s data, including their name, country of residence, and gender, may have been stored on the server.

The Facebook user data was not located on the Facebook property, and it’s unclear who accessed the data in the first place. Eventually, the server housing the data was taken down.

July 2019 – Facebook Data Breach

In 2018, the Federal Trade Commission (FTC) began a renewed investigation into privacy violations at Facebook.

This follows a series of incidents in which the social media giant has been accused of mishandling user data. On July 24, 2019, the FTC announced a $5 billion fine against Facebook, requiring the company to make a number of changes to its practices.

These changes include enforcing stringent new privacy rules, improving its data management practices, and increasing transparency around political advertising.

The FTC ordered the company to reorganize its board and create an independent privacy committee, with new privacy compliance officers reporting to the committee. This ensures that Facebook remains vigilant about its customers’ privacy rights.

Under the terms of the settlement, Facebook will be required to change how it handles user data and will be barred from making any further acquisitions that would allow it to have more data on users.

The FTC also intends to use the settlement money to fund projects that promote consumer privacy.

The FTC’s investigation into Facebook began in 2011 after reports that the social media site was using personal data from its users without their consent.

In 2019, the FTC again investigated the social media company after reports that the site was using personal data from its users without their consent.

This time, Facebook was fined $5 billion and required to implement additional measures to protect user privacy. In 2019, the FTC announced that it would be taking action against companies that make misleading claims about their products.

This is in response to a previous FTC investigation that ended in a 2011 settlement. But Facebook (FB) did not abide by the terms of the 2011 settlement, leading to a renewed investigation and penalty in 2019.

April 2019 – Facebook Data Breach

Facebook uploaded 1.5 million users’ email contacts without their permission between May 2016 and 2019. When the new user logged in, Facebook asked them to enter their email address and password to verify their email address.

When the new user registered on Facebook, their contacts’ email addresses were automatically imported into their account. The company then began using the information to improve ad targeting and recommend friends to new users.

April 2019 – Facebook Data Breach

UpGuard researchers found 540 million Facebook user records stored on an Amazon cloud public server. This means that the information is publicly accessible through the internet.

The data included Facebook IDs, account names, comments, reactions, likes, and more from users who had interacted with the page.

After UpGuard discovered that Cultura Colectiva was hosting unsecured data for Facebook, the security firm contacted the server hosting company.

However, it took months before the server was finally secured, as no action was taken until Facebook became fully aware of the situation.

Facebook was not directly responsible for this security breach, as it was the app developers who failed to properly secure the information. However, Facebook is still investigating the matter and is working to ensure that similar incidents don’t happen in the future.

The company has a responsibility to manage its platform properly, and it has said it will not share users’ information with other companies.

Nonetheless, Facebook bears some responsibility for what happens on its platform, and it has pledged repeatedly not to share users’ information with outside companies.

March 2019 – Facebook Data Breach

In March 2019, a report found that 600 million Facebook user passwords were stored in plaintext files, some dating back as far as 2012. This has created a significant security risk for users who may have had their passwords exposed.

Although only Facebook employees had access to those files, it meant that user passwords were fully exposed to approximately 2,000 employees.

In addition, this information may have also been accessible to third-party contractors, as some of these files were stored on company servers.

Later it was discovered that millions of Instagram user passwords were also stored in plaintext files, leaving them vulnerable to being accessed by unauthorized individuals. It is not clear if any of the password data was ever improperly used.

December 2018 – Facebook Data Breach

In December 2018, the New York Times released a report showing that Facebook had violated users’ privacy. The report showed that Facebook had collected data on users’ activities without their consent and that Facebook had shared this data with other companies.

This report raised concerns about Facebook’s privacy practices and the way that Facebook had violated users’ consent. After Facebook promised the FTC that it would not share user data without explicit permission, it continued to sell user information to over 150 companies.

Companies such as Netflix and Spotify could read users’ “private” messages. This could potentially allow companies to track the users’ activities and personal information.

Facebook released a statement claiming that they only share user data with companies that are considered “extensions of Facebook itself,” exempting them from the FTC’s requirements. Netflix and Spotify are not part of Facebook, so they can’t be responsible for the data it collects.

Facebook repeatedly promised users that they could control their privacy, but they continued to share highly private information without informing users or asking for their consent.

This raised concerns among users about the extent to which Facebook had control over their data. That’s a very clear privacy violation.

September 2018 – Facebook Data Breach

After the Cambridge Analytica scandal, Facebook was hit with another data breach. This time, hackers accessed personal information from tens of millions of users.

In September 2018, Facebook announced that attackers had accessed user data, including the full user profiles of many people. This allowed the attackers to see a lot of personal information that these users had shared on the social media platform.

The breach occurred because of a flaw in the “View As” feature, which allowed users to view their profile as if they were another user, potentially giving them insights into what other Facebook users could potentially see.

There is a problem with the code that has given attackers the ability to steal user access tokens, which gives them the ability to see profile information that may otherwise be private.

Facebook has confirmed that vulnerability existed on their platform for more than one year. Once discovered, the issue was corrected and impacted users’ access tokens. In total, the attackers accessed the profile data of up to 90 million users.

May 2018 – Facebook Data Breach

Facebook gives users a lot of control over who can see their posts and their profile. This includes the ability to control who can see your friends’ posts and profiles, as well as posts that you’ve made yourself.

Most Facebook users have the ability to make posts private, which limits who can see the post to, for example, just specific individuals or those included in their list of friends.

In May 2018, a bug caused privacy settings to malfunction. This caused 14 million posts that were initially meant to be seen by only the person who posted them to be shared publicly instead. This happened without the users’ knowledge or consent.

The microblogging site was testing a new feature, and it seems that a bug caused some problems. The bug was quickly identified and a fix was developed, but it took a little longer to roll out. By May 27, everything was fixed.

March 2018 – Facebook Data Breach

Facebook has been in the news lately for a privacy scandal in which 87 million users’ data was shared with a political consulting firm, Cambridge Analytica.

This data was obtained through a researcher at Cambridge, Aleksandr Kogan, who created a quiz app that allowed users to share their data with him.

In 2013 and 2014, Cambridge Analytica used a loophole in Facebook’s API to collect data from people who had downloaded the app, as well as from the friends of those people.

The company said that developers couldn’t market or sell data that is collected through Facebook, but they didn’t always enforce this policy. This allowed Cambridge Analytica to harvest and sell data for years without being punished.

In March 2018, the media began to publicize allegations that Cambridge Analytica had improperly obtained user data. This sparked a response from Facebook, which acknowledged that the data had been improperly obtained and took action to prevent further abuse.

This is a major breach of user privacy, but it cannot be considered a hack because Facebook knew about the issue years ago.

June 2013 – Facebook Data Breach

In June 2013, it was revealed that a bug had exposed the personal data of approximately 6 million Facebook users.

This data included names, dates of birth, and contact information. There was a problem with the contact information archive, which allowed people’s email addresses and phone numbers to be seen by unauthorized people.

Some of the sensitive data on your friend list was accidentally downloaded by someone else. When someone tried to download contact information from their friends, extra contact details that they weren’t authorized to view were also downloaded.

The security breach that has been the subject of much discussion began in 2012, but it wasn’t discovered until 2013. Because of this, the bug was present for about a year before a fix was issued.

January 2013 – Facebook Data Breach

In January 2013, Facebook launched Graph Search, which allowed users to search for information on other users and groups. These searches could turn up information such as old comments, likes, and photos, which users might not want to make publicly available.

Graph Search was met with criticism from privacy advocates who argued that the data that could be accessed through it was too sensitive.

The recent update to Facebook’s privacy settings may not have originally made any previously private information public, but it made otherwise forgotten information much more discoverable, prompting many news outlets to recommend users update their privacy settings.

November 2011 – Facebook Data Breach

On November 29, 2011, the Federal Trade Commission announced that it had reached a settlement with Facebook over the company’s failures to keep user data private.

According to the settlement, Facebook will be required to pay a $20 million fine and make a number of changes to its privacy policies.

In a recent blog post, Facebook CEO Mark Zuckerberg admitted that the company had made a lot of mistakes in the past. He went on to say that the company is working hard to make things right and improve its policies and procedures.

The FTC has finished a settlement agreement that will prevent companies from doing unfair things to consumers. The settlement requires Facebook to make changes to its privacy policy, including new provisions for user consent and data sharing.

The 2011 settlement didn’t solve all problems with user privacy. That’s because, after learning about the Cambridge Analytica scandal, Facebook didn’t tell the FTC or the affected users.

The FTC has found that Facebook has not complied with a 2011 settlement agreement, and as a result, the company has continued to face lawsuits and fines from the agency.

May 2010 – Facebook Data Breach

In May 2010, the Wall Street Journal discovered that Facebook had been sharing user data without the consent of those users. This data sharing violated the company’s privacy policies and caused many users to feel violated.

After it was revealed that Facebook had been collecting data on users’ personal information without their consent, the social media giant stated that the information was not personally identifiable. This included things like a person’s name, age, and hometown.

Facebook has been accused of sharing user data without their consent in the past, and in response, they have closed one particular loophole. But this is not the only way they have done this, and as the timeline shows, their practices have been controversial and harmful to users.

December 2009 – Facebook Data Breach

In December 2009, Facebook made a radical change to its platform, where users share information publicly instead of with a select group of friends. This shift was controversial at first but has since been widely accepted by users.

The company made a major change to its user profiles, converting millions of them from private to public. They also implemented privacy controls that supposedly allow users to control who can see their posts and other information.

December 2007 – Facebook Data Breach

When Facebook first came into widespread privacy concerns, the launch of Beacon – an advertising program – was likely the event.

Beacon allowed Facebook users to share information about themselves, such as their name and contact information, with other Facebook users in exchange for rewards, such as coupons.

Although the program was discontinued after a short period of time, the concerns it raised about Facebook’s privacy policies are still being discussed today.

Beacon was able to track user purchases on other websites and post about what was bought on Facebook, without first getting permission from the user. However, after an outcry, the company added an opt-out option for Beacon.


How much did Facebook Pay for Data Breach?

Facebook’s parent company, Meta has agreed to pay $725 million to settle a major privacy breach of users data.
If you are a registered facebook user from US between May 24, 2007, and December 22, 2022, you are entitled to claim the cash payment from the company.
Click on this link to Submit Your Claim Online.

How do I Stop Facebook Data Breach?

Preventing a Facebook data breach or minimizing the risk of your personal information being compromised use Use Strong and Unique Passwords for your fabook account, activate Two-Factor Authentication, change your facebook password periodically and stay informed and report suspicious activity.

Kevin James

Kevin James

I'm Kevin James, and I'm passionate about writing on Security and cybersecurity topics. Here, I'd like to share a bit more about myself. I hold a Bachelor of Science in Cybersecurity from Utica College, New York, which has been the foundation of my career in cybersecurity. As a writer, I have the privilege of sharing my insights and knowledge on a wide range of cybersecurity topics. You'll find my articles here at, covering the latest trends, threats, and solutions in the field.