On April 3, Business Insider uncovered how more than 530 million Facebook users personal information had been made publicly available in an unsecured database – this included names, email addresses, and phone numbers.
And now, VPN provider Surfshark has revealed that of the affected users, Egypt is the number one victim of this hack with the accounts of 45.1 million users being exposed while 14.3 million users were South African.
In general, the top 10 countries by breaches make up 50% of all the breach cases – and of those cases, fewer than 10% of the profiles had their addresses exposed. On the other hand, nearly 90% of the users suffered from phone number leaks
Facebook has since disclosed that it doesn’t plan to notify the users whose data was exposed online. According to The Verge, the social media platform “cited two reasons as to why it’s not telling users proactively: it says it’s not confident it would know which users would need to be notified and that users wouldn’t be able to do anything about the data being online”.
Facebook believes that the data leak is the result of malicious actors who obtained the data by scrapingit from the platform prior to September 2019.
“We believe the data in question was scraped from people’s Facebook profiles by malicious actors using our contact importer prior to September 2019. This feature was designed to help people easily find their friends to connect with on our services using their contact lists,” says Mike Clark, Product Management Director at Facebook.
“When we became aware of how malicious actors were using this feature in 2019, we made changes to the contact importer. In this case, we updated it to prevent malicious actors from using software to imitate our app and upload a large set of phone numbers to see which ones matched Facebook users.”