Social media giant Facebook may be facing its largest-ever data breach, as a cybercriminal using the alias ByteBreaker claims to have scraped and listed the private data of 1.2 billion users for sale on the dark web.
ByteBreaker, known for their activity in underground cyber forums, reportedly exploited a flaw in Facebook’s API a tool designed to let third-party apps access user data to extract sensitive personal details.
1.2 Billion Accounts at Risk
Cybersecurity researchers at Cybernews revealed that the stolen dataset includes user names, IDs, email addresses, phone numbers, birthdates, gender, and location data such as city, state, and country. To validate their claims, the hacker published a sample of 100,000 user records on the dark web.
If verified, this could be the largest data-scraping event in social media history.
Meta Responds: “Old Data, Not a New Breach”
In a statement to the Daily Mail, a Meta spokesperson dismissed ByteBreaker’s claims, stating the leaked data stems from a 2021 Facebook breach affecting over 500 million users.
“This is from 2021, so it’s not a new claim. We disclosed this years ago and have taken steps to prevent similar incidents,” Meta said.
Further analysis by Hackread supports this, showing overlaps between ByteBreaker’s sample and data from the 2021 incident. The hacker’s claim of “1.2 billion accounts in 200 million rows” also raises credibility concerns a mismatch in data structure, as typically, each row represents a unique user.
Security Advisory: Change Passwords, Enable Fraud Alerts
Despite skepticism, cybersecurity officials are advising all Facebook users to take immediate precautions:
- Change passwords
- Freeze credit reports
- Enable fraud alerts on bank accounts
With the kind of personal information exposed, cybercriminals could potentially open credit cards or access financial accounts in victims’ names.
Also Read: Attention Startups! Showcase Your Smart Policing Solutions on India’s Biggest Stage
How the Breach Happened
ByteBreaker claims the breach was accomplished by manipulating Facebook’s API, bypassing limitations meant to safeguard user privacy. By automating API requests, the attacker allegedly harvested vast quantities of data over time.
This incident highlights the persistent risk of data scraping attacks, even on platforms with robust security investments. Though Meta insists no new breach occurred, the recycling and resale of older data in new packages continues to pose a threat to unsuspecting users
About the author – Ayush Chaurasia is a postgraduate student passionate about cybersecurity, threat hunting, and global affairs. He explores the intersection of technology, psychology, national security, and geopolitics through insightful writing.