Facebook 2021 Data Breach
| Company | Facebook (Meta) |
|---|---|
| Breach Date | January 1, 2019 |
| Disclosure Date | April 3, 2021 |
| Records Affected | 533 million |
In April 2021, personal data of 533 million Facebook users from 106 countries was posted on a hacking forum, including phone numbers that weren't publicly visible on profiles.
What Happened
The data was scraped from Facebook using a vulnerability in the platform's contact importer feature before September 2019. Attackers exploited the feature to link phone numbers to Facebook accounts at scale.
The data circulated privately among hackers for years before being posted publicly for free in April 2021. Facebook claimed the vulnerability was patched in 2019 but didn't notify affected users.
What Data Was Exposed
- Phone numbers - Even if set to private
- Facebook IDs
- Full names
- Locations
- Birth dates
- Email addresses (some accounts)
- Relationship status
- Bios
Who Is Affected
533 million Facebook users worldwide, with the US having 32 million affected accounts.
How to Check If You Were Affected
Check haveibeenpwned.com using your phone number (in international format) or email address.What You Should Do Now
- Check if you were exposed at Have I Been Pwned
- Be alert for phone-based scams - Your number is now linked to your identity
- Enable two-factor authentication on Facebook
- Review your Facebook privacy settings
- Be suspicious of calls and texts from unknown numbers
Last updated: January 13, 2026