Facebook Hacks: a History of Security Breaches at Facebook


December 1, 2022 · 9 min read

Cybersecurity

I’d like to believe that more money and employees mean more security. Facebook has copious quantities of both, but its history of data breaches over the past decade indicates that its resources have not been used to create a secure platform that users can trust. 

Though these breaches have violated your privacy, you probably want to keep your account on the platform. Dumping Facebook may not be an option, but you can take steps to protect your personal accounts, even on forums with imperfect security. 

History of Facebook Security Breaches

Over the last decade, Facebook has been involved in numerous damaging data breaches and scandals. Below is a recap of breaches through 2022, as well as steps you can take to mitigate the impact of future data leaks. 

2005: MIT Proves a Point by Gathering Data on 70,000 Users

The first known Facebook security violation took place in December 2005 when researchers at MIT developed a script that could download publicly posted information. In this case, researchers were trying to prove that social media users were vulnerable to leaks because of their over-sharing of information online. This MIT group then gained personal data on over 70,000 users without getting their permission.

Whether we like it or not, any information we post publicly will be harvested and used either maliciously - such as to hack our accounts - or for seemingly innocuous purposes like targeted ads. 

2013: 6 Million Accounts Breached

In July 2013, a “bug” in the Facebook platform exposed the personal information of over six million users to unauthorized parties. The bug involved a user’s ability to download the contact information from the connections on their Friends list. When doing so, they would download additional details that they weren’t authorized to view. 

Cybercriminals had exploited this vulnerability since 2012, more than a year before Facebook executives became aware of it and issued a fix. The stolen data included email addresses and phone numbers.

2014: Cambridge Analytica

Voter-profiling company Cambridge Analytica gained access to the private information of 50 million Facebook users without their knowledge or permission. While technically not a breach or unintended vulnerability, Cambridge Analytica was using the data in direct violation of Facebook’s policies, providing the Trump campaign with invaluable insights into US voter attitudes and potentially helping to sway the election. 

Various news outlets discovered the breadth of this Facebook security breach in 2018. Until then, the company had kept many of the details quiet. A self-proclaimed outside researcher paid Facebook for the information, a practice that was allowed under their rules. However, this party then passed along the data to Cambridge Analytica, who used it to benefit a private client - something that Facebook definitely did not allow. Even after this scam was uncovered, Cambridge Analytica kept much of the information they had fraudulently acquired. 

Foreign and domestic government officials and other parties furiously criticized Facebook for this incident, claiming that their security was woefully lacking and that they had almost casually exposed their users’ information to outside operators. 

In response to this criticism, Mark Zuckerberg said that Facebook does not sell user data and pointed to the policy posted on the platform. 

March 2019: 600 Million Passwords Exposed

In March 2019, cybersecurity expert Brian Krebs learned that Facebook was storing upwards of 600 million user passwords in plain text files that were available to more than 2,000 Facebook employees. The employees had been logging and storing these passwords through internally-built applications. The investigation revealed passwords in plain text dating back to 2012. 

Facebook worked to resolve the issues, and released an official statement which included the following: “There is nothing more important to us than protecting people’s information, and we will continue making improvements as part of our ongoing security efforts at Facebook.”

That sounded promising, but then the rest of 2019 happened. 

April 2019: 540 Million Facebook Records Accessible on a Public Server

One month later, the Cyber Risk team at UpGuard reported over 540 million records sitting on a publicly accessible server, which contained detailed data like account names and FB IDs. UpGuard had been trying to contact the Mexican company hosting the server since January, but it wasn’t until April that they managed to secure the data.

September 2019: Another 419 Million Facebook User Records on a Public Server

A public server owned by an unknown group was found to have 419 million Facebook records containing everything from unique Facebook IDs and phone numbers to gender and location. This was a disturbing call-back to the April incident, when Facebook announced that they were making changes and knew they had work to do.

To Facebook’s chagrin, their 2019 nightmare wasn’t over yet.

December 2019: 300 Million Facebook Accounts on the Dark Web

Online watchdogs detected one of the most disturbing Facebook breaches in December 2019. Over 267 million Facebook users had their personal data exposed on the dark web, possibly for up to two weeks. The dark web is the home of endless criminal activity, so this breach was egregious. By the time the media reported the breach, Facebook had already made security changes that supposedly fixed this vulnerability. In March 2020, however, another 42 million records were found on a different server, gathered by the same criminal organization based in Vietnam.

2021: Half a Billion Accounts Leaked

Those hoping that 2021 would be smooth sailing were disappointed by a huge Facebook hack over the weekend of April 3. This Facebook lapse exposed the personal information of approximately half a billion users, including their names, birthdays, locations, and phone numbers. 

Facebook acknowledged the leak but said it stemmed from a security problem in 2019 that their team has since fixed. But many Facebook users found that statement to be of little comfort. The information is out there, and the damage could be ongoing. In the US alone, 30 million accounts were affected. Facebook has not made it easy to find out if your account was one of them. According to experts, you have around a 20% chance of being hacked if hackers stole your account information. Check haveibeenpwned.com to see if you are affected. 

Protecting Your Personal Data on Facebook and Other Online Sites

Despite its spotty security history, Facebook is still a dominant force in social media. Users have stuck with this forum despite some massive security issues. You should not assume that Facebook will automatically keep your data safe. Be proactive and put your own safety measures in place.

Limit Security Breaches with Facebook Security Settings

Experts recommend taking the following steps to enhance your Facebook security:

  • Clear Off-Facebook Activity History - Facebook can track your activity online when you are not using their platform and use it to target their advertising. Select settings on the menu and then select Off-Facebook Activity and clear history to stop this process. 
  • Disable Third-Party Tracking - If you have used your Facebook login information to sign in to other applications, they are tracking your activity. To disable this function, select Settings & Privacy from the menu and then select Apps and Websites. Click on Active, and then you can disable tracking from individual apps.
  • Use Two-Factor Authentication on Facebook (and other sites) - The extra time this step takes is worthwhile. To breach your account, hackers would need a security code that is sent only to your mobile phone. On Facebook, you can activate this feature by clicking on the menu and then choosing Settings & Privacy followed by Security and Login. Then simply choose Two-Factor Authentication and enter your phone number and security code.
  • Limit Who Can See Your Personal Posts - You should set your personal Facebook account to private. And if you want to share really personal information, you should limit who can see those posts. You can do this by going to Settings & Privacy and then Settings. Choose who can see your future posts. Then click edit. You can also choose to limit who can see your past posts as well.

The Importance of Password Safety to Prevent Security Breaches

Password security is still one of the best ways to keep your personal information and account access safe. Security breaches are so damaging because hackers take your stolen password, perhaps from Facebook, and then input it into all of your other accounts, hoping that you reuse passwords.

If you are like many other online users, you do reuse passwords, sometimes simply because it’s easier than remembering a dozen or more different passwords. Cybercriminals can turn a Facebook security breach into a bonanza of criminal activity that can harm your finances and your reputation. If you have unique passwords for all of your accounts, then a breach of one will not lead to a breach of others. 
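The containment argument above can be checked against your own password list. The following is an added example, not code from TeamPassword or from the original article: it groups accounts that share a password and reports which other accounts would need a new password if one site were breached. The vault entries, site names, and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample vault export: (site, username, password). Not real credentials.
SAMPLE_VAULT = [
    ("facebook.com", "alex@example.com", "Sunshine2019!"),
    ("bank.example", "alex@example.com", "Sunshine2019!"),
    ("mail.example", "alex@example.com", "Sunshine2019!"),
    ("shop.example", "alex@example.com", "k7#Vq9z!Lm2p"),
    ("forum.example", "alex", "T4r$8wXb@e1N"),
]


def fingerprint(password, key):
    """Keyed hash so the audit index never holds the passwords themselves."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()


def reuse_groups(vault):
    """Return sorted lists of sites that share one password (groups of 2 or more)."""
    key = secrets.token_bytes(32)  # per-run key; fingerprints are useless afterwards
    by_fp = defaultdict(list)
    for site, _user, password in vault:
        by_fp[fingerprint(password, key)].append(site)
    return sorted(sorted(sites) for sites in by_fp.values() if len(sites) > 1)


def exposed_by_breach(vault, breached_site):
    """Sites whose password must be rotated if breached_site leaks its passwords."""
    for group in reuse_groups(vault):
        if breached_site in group:
            return [s for s in group if s != breached_site]
    return []  # password was unique: the breach stays contained to that site


if __name__ == "__main__":
    print("Reused password groups:", reuse_groups(SAMPLE_VAULT))
    for site in ("facebook.com", "shop.example"):
        print(site, "breach also exposes:", exposed_by_breach(SAMPLE_VAULT, site))
```

With the sample data, a leak of the reused Facebook password also puts the bank and mail accounts at risk, while a leak at the site with a unique password exposes nothing else.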

How TeamPassword Can Help Prevent Security Breaches

Safely managing your work passwords can seem overwhelming, even to the most meticulous company. Fortunately, creating and storing unique passwords are simple with TeamPassword. We provide the latest password safety features, including a free password generator that creates impossible-to-guess passwords that meet the highest security standards.

You can use TeamPassword to make sure that your accounts are safe even when social media giants and others leak your passwords. We offer password services that allow you to add, share and manage your internal and client passwords, including those for websites, social media, blogs, and more. You and your employees will not have to remember dozens of secure passwords - we make that part of the process simple while protecting you from security breaches.

You cannot make every account hack-proof, but you can minimize the damage when a breach occurs.

Keep your personal and business information safe with TeamPassword. Try us now and get your first 14 days for free!
