The personal details of more than half a billion Facebook users have turned up on a hacker forum, but the social media behemoth has no plans to notify the people affected - let alone apologise to them. In a blog post, Facebook said “malicious actors” had obtained the data prior to September 2019 by “scraping” profiles using a vulnerability in the platform’s tool for synching contacts. A spokesman later told Reuters that Facebook wasn't confident it had full visibility on which users would need to be notified, and there was nothing to be done about the availability of the data anyway.
The information in question includes names, mobile numbers, genders, occupations, locations, birthdays, and marital status. Initially, Facebook characterised this as "old news" which was disclosed at the time. But, as Wired reports, that's far from the whole story. In fact, there have been so many vast Facebook breaches that it's easy to lose track of what was leaked - or disclosed - when. You can check whether you're affected by using the breach tracking site HaveIBeenPwned, but on a practical level so many organisations have lost so much information that it's worth assuming your details are out there somewhere.
Just to underline that, it's emerged that the personal details of half a billion LinkedIn users is also being offered for sale. CyberNews says the information includes LinkedIn IDs, names, email addresses, phone numbers, genders, links to LinkedIn profiles, links to other social media profiles, professional titles, and other work-related data. Passwords and payment data don't seem to be affected and, according to CyberNews, "it's unclear whether the threat actor is selling up-to-date LinkedIn profiles, or if the data has been taken or aggregated from a previous breach suffered by LinkedIn or other companies". So far, LinkedIn has said precisely nothing.