Facebook Data Leak Exposes 87 Million User Profiles

What happened? 

The Facebook data leak of 87 million users is anything but a normal breach event. What started as another attention-grabbing headline in the news has now become a data scandal of international proportions. 


What we know so far

In March 2018, Facebook first confirmed a leak of 50 million users. The Facebook data was collected from a third-party app that individuals had connected to their Facebook accounts.

This ordeal began in 2014 when online users were offered a way to make easy money: take an online survey, download a free Facebook app and connect it to your account, then receive payment for participating.

In fact, an estimated 320,000 users participated in the survey.

Fast forward to March 2018 when an ex-employee of Cambridge Analytica came forward about how the Facebook data was used. Christopher Wylie, the company’s co-founder, revealed that the third-party app allowed his company to collect participants’ private Facebook data – and 160 of their friends’ data too.

When the leak first went public, Cambridge Analytica stated that it did not have Facebook data, nor did it work with Facebook data altogether. Now, the company maintains that the data in question was deleted immediately once Facebook had reached out to them.

Facebook revised the number of impacted individuals on April 4, 2018 from 50 million to 87 million users.


What is currently being done

Founder Mark Zuckerberg addressed the fact that “people put the information there themselves” in a public statement earlier this week. However, when asked about the role Facebook played in this security event, Zuckerberg admitted, “I didn’t take a broad enough view.”

The Facebook data leak even had international impact, specifically in European countries and Australia. Both regions are making efforts to better understand what happened, what lessons can be learned and the regulations needed to hold companies accountable for the way they handle sensitive data.


What we still don’t know

Even with extensive media coverage around this incident, there are still many questions left unanswered:

  • Did Cambridge Analytica illegally access data from Facebook users who weren’t participants of this online survey?
  • Does Facebook play a larger role in collecting and sharing private user data?
  • Is it inevitable that our data will be compromised no matter what we do?

The good news is that Facebook has taken initiative to tighten its data privacy measures.

Facebook Disables Search Account & Recovery Feature

The “Search Account and Recovery” feature has been disabled so that profiles cannot be searched by utilizing public information.

“We believe most people on Facebook could have had their public profile scraped in this way,” Facebook’s chief technology officer Mike Schroepfer said. “Scraped” in this case simply means capturing public information, like email addresses and phone numbers, from Facebook profiles to obtain other associated, more sensitive information.

Facebook also plans to notify impacted customers by adding a message to the top of their News Feeds. This will allow affected users to review the apps they use and the information shared with them, as well as how to remove them if they’d like, the company said.


What should I do?

Whether you plan to share this Facebook data leak story online, or you’re ready to ditch social media altogether, use the tips below to help you navigate through this confusing situation:

“I want to keep Facebook, but I don’t know what to do.”

  • Audit your Facebook account details, messages and posts for instances where your personal information could be shared or viewed publicly. Avoid sharing your full birth date, phone number, physical and email address.
  • Disable location services on your devices. Enabling location services allows other apps (like Facebook) to access your location data from your device.
  • Refrain from cross-linking other apps and services with your Facebook account. Again, this allows any connected app to access your Facebook data.

To find out which apps are currently using your Facebook data, follow these steps:

  • Go to your Facebook settings.
  • Click the “Apps” tab on the left-hand menu. Apps that appear on this page are currently collecting and using your Facebook data.
  • Click each app to see the information it’s collecting and manage your settings accordingly.


“I’m not sure if I want to keep my Facebook account.”

If you’re still worried about having a Facebook account, there are two other, more stringent choices: account deactivation and permanent deletion. Temporary deactivation is reversible, and your profile can be restored at any time. However, deleting your account is permanent and cannot be undone.

To temporarily deactivate your Facebook profile, follow these steps:

  • Go to your Facebook settings.
  • Click the “General” tab on the left-hand menu.
  • Select “Manage Account.”
  • Scroll to the bottom and click “Deactivate your account.”

To permanently delete your account, follow these steps:

  • Go to your Facebook settings.
  • Click the “General” tab in the left-hand menu.
  • Select “Manage Account.”
  • Scroll to the bottom and click “Request account deletion.”

Note: You must send a request to Facebook before your account is deleted. This process can take up to 90 days. However, Facebook allows you to download a copy of your data (images, photos, posts, statuses, etc.) prior to deletion.

Continue following Fighting Identity Crimes for updates on this story, plus more ID protection news & tips from our industry experts.


The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.

Leave a Comment.