Summary box
- Incident date
- 01 Jan 2019
- Reported date
- 01 Apr 2021
- Sources verified
- 2
Back to breach centre
Facebook breach guide
Facebook data breach: what happened and what to do next
You do not need drama. You need signal. Here is the fast reality: what was reported, what may be exposed, and the practical moves worth doing right now.
Status: Confirmed
Last updated: 22 May 2026
Company
Status
Confirmed
Data potentially exposed
Phone numbers, Names, Locations, Profile IDs
Affected scope
Hundreds of millions of user records were reported as publicly circulated.
1. What happened?
Historic account data was compiled and distributed online, creating long-tail phishing and fraud risk.
- Data harvested from platform features was assembled into searchable datasets.
- Records were redistributed broadly after initial circulation.
- The exposure remains useful for social engineering years later.
2. Who may be affected?
- Users with older account settings and long-lived profiles.
- People reusing phone numbers across accounts.
- Users frequently targeted by SMS phishing.
3. What should users do now?
- Review visible profile data and tighten privacy settings.
- Enable MFA on social and email accounts.
- Be cautious with unsolicited SMS links and account warnings.
- Rotate credentials reused across major services.
4. How exposure can spread beyond one incident
Legacy datasets often keep circulating, enabling repeated phishing cycles.
5. How Hushfolk helps
Hushfolk helps users see how old exposure may still connect to current risk signals.
Terms in this article
New to security jargon? These quick definitions keep the page readable.
Need the full list? Open the security glossary.