A massive data leak from Facebook was collected and shared online, which includes data from more than 500 million users.
The data is ordered by country and for each country an export list in a clear text file can be downloaded.
The data is structured and fields are separated by colons, containing mobile phone number, first name, last name and other fields such as residence, job or marital status (if entered by the user).
The data leak contains ordinary people just like you and me but also data from governments and celebrities. The following excerpt from the Switzerland export shows the private information, including mobile phone number, from Ignazio Cassis, the foreign secretary of Switzerland:
The data can be verified with the actual profile:
The data leak is a serious privacy issue. Facebook wrote a statement (The Facts on News Reports about Facebook Data), trying to appease the data leak.
Malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019.
Mike Clark, Product Management Director at Facebook Inc.
Whether the data was obtained through a systems hack or by scraping through the platform is nevertheless a serious issue. As of Facebook's statement, it is believed that a former tool (Contact Importer) was abused to scrape through millions of user data. Facebook changed the way this tool works in 2019 – which should prevent such data scraping (according to Facebook).
We believe the data in question was scraped from people’s Facebook profiles by malicious actors using our contact importer prior to September 2019.
Facebook statement on the data leak
The fact that there is no 100% certainty, even from Facebook, shows that there are (hidden? public?) ways of exporting data of Facebook's users – obviously without any high security authorization.
Hats off to Facebook users which never provided any phone number to Facebook. That was a very wise decision.