Facebook might have been one of the first social media sites to pop up, but in 2025, it is largely known for countless instances of exposing user data in its now infamous data breaches.
Facebook has a long history of doing terribly when it comes to protecting customer data, that can be traced all the way back to the beginning of it’s journey.
As a result, Facebook always seems to be in the news for the wrong reasons.
In fact, their largest campaign ever was to apologize, which is very telling of what’s going on behind the scenes.
The most interesting part of it was that as of yet, Facebook hasn’t really had to face any major consequences, and as a result, the company is still leaking your personal data regularly.
In fact, the company was responsible for the most data leaked back in 2019.
In this article, we are going to talk about the various Facebook data breaches, their history, a full timeline, and why they matter in 2025.
Facebook Data Breaches Timeline & History
400 Malicious Apps in October 2022
On October 7th, Meta uncovered the Facebook data breach 2022.
They state that they found more than 400 malicious apps on the Android and iOS app stores that were targeting Facebook users with the goal of stealing their login credentials.
Security experts say that this exposed many millions of users.
“These apps were listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps, and other utilities to trick people into downloading them,”
Meta
1.5 Billion Users in October 2021
Nearly 1.5 billion Facebook users’ data were found on an online hacker forum for sale.
These records were collected by scraping publicly available data.
533 Million Users in April 2021
As far as recent Facebook data breaches go, one of the more recent ones was back in April of 2021, when more than 500 million users were affected.
This also has to be one of Facebook’s largest data breaches as well.
This exposed data included locations, phone numbers, full name, and sometimes, even e-mail addresses.
More than 500 million people were affected in more than 106 different countries.
309 Million Users in December 2019
Facebook decided to end 2019 with a bang and dealt with yet another of its infamous data breaches.
Over 300 million Facebook users’ names, phone numbers, and user IDs were left exposed on the dark web, for almost two weeks.
Experts say that this was the result of the abuse of Facebook’s API, by cybercriminals located in Vietnam.
419 Million Users in September 2019
2019 is starting to look like the worst year in Facebook’s history when it comes to data breaches.
419 million more Facebook users were found sitting on a server that was exposed.
Each record included their unique Facebook ID, as well as their phone number. In some cases, location and full names were also exposed.
Facebook didn’t own the server, and nobody was sure who it actually belonged to.
Nobody knows who scraped the information from Facebook’s system, but only a motivated hacker, or someone on the inside would be able to access Facebook on this level.
1.5 Million Users in April 2019
Another one of the more well-known Facebook data breaches occurred in April 2019 as well, when it was discovered that Facebook had been harvesting the e-mail contacts of more than 1.5 million relatively new Facebook users.
Of course, the company was doing this without the consent of the users.
It came about that Facebook was requiring new users in the registration process to verify their e-mail address, by including their e-mail password, a move that has been criticized widely by security experts.
Once you entered the e-mail address password, the process would automatically begin for the e-mail contacts to be imported.
Facebook didn’t ask anybody permission to do this and there was no way to cancel or stop the process once it begun.
Then, Facebook would use this data to improve the performance of their ads, suggest friends, and more.
Facebook claims that they weren’t able to see the contents of user emails but being able to see who you are talking to and emailing is still a pretty big breach of privacy, with 1.5 million e-mail addresses connected.
540 Million Users in April 2019
2019 was a big year for Facebook data breaches, because in April, it was found that hundreds of millions of user records of Facebook were sitting exposed on a public server.
Researchers at a security firm discovered this breach and reached out to the Mexican firm that hosted the server.
However, it took a few months before their server was eventually secured.
As a result, it is unknown how long user records were exposed for, or if anybody tried to take advantage of them being exposed.
The information was only made private once Facebook was aware of the situation.
600 Million Users in March 2019
As far as Facebook data breaches go, it only got worse as the years went on. In 2019, Facebook had a pretty significant data breach.
A cyber security expert blew the whistle Facebook was holding hundreds of millions of its users’ passwords in plain text files.
This meant that only employees could access these specific files, but this still meant that personal passwords were available and accessible to more than 2000 employees of Facebook.
For some cases, these records went all the way back to 2012.
Facebook didn’t reveal why they had stored user passwords in this way.
Only a month later, it was discovered that millions of people on Instagram had been affected by the same issue, where their passwords had been stored in plain text.
Facebook tried to reiterate that these passwords hadn’t been compromised, but the total number of Instagram or Facebook users affected by this is still unknown.
However, it is estimated to be 600 million at minimum, although the actual number is probably a lot more than this.
50 Million Users in September 2018
2018 definitely wasn’t a good year for Facebook in terms of data breaches.
Not too long after having to deal with the Cambridge Analytica controversy, Facebook experienced a second data breach.
At the end of 2018, cybercriminals were able to access between 50 and 90 million user profiles.
These cybercriminals could see everything on the profile of the user.
Facebook also said that any third-party sites that those users had being logged into could also be seen as well.
Facebook started their investigations into this breach a couple of weeks before they announced it publicly.
The situation ended up being incredibly complicated and involved three separate bugs.
As a result, Facebook logged 90 million users out and ask them to log back in again and reset their passwords.
It also temporarily disabled certain features, like the ‘view as’ feature.
Mark Zuckerberg then announced that they would be working closely with the FBI to investigate the data breaches.
14 Million Users in 2018
If you are at all familiar with Facebook, then you will know that there are different privacy settings when it comes to your profile and your posts.
You can choose who you share your posts with, whether it is everybody, or just people who you are Facebook friends with.
However, there was a glitch in the system back in 2018, which meant that the private posts of 14 million people were shared publicly without their consent or knowledge.
The bug was only able affect users for five days, and Facebook worked quickly to return all posts to regular privacy settings.
However, for these few days these posts were publicly available, and as a result, the private lives of users were exposed completely.
6 Million Users in 2013
At the start of this timeline, all the way back in 2013, Facebook found a bug that had been leaking the personal data of more than 6 million people to unauthorized viewers for more than a year.
E-mail addresses and phone numbers were exposed, and anybody who knew anything about the people were easily able to access their information.
What’s really interesting about this technical glitch is that it actually started in 2012, but Facebook didn’t notice it until 2013.
When it was discovered, the company fixed the bug, and then reported the breach to regulators as well as those that had been affected by the breach.
They did all of this before they announced it publicly.
This wasn’t the biggest breach that year, but it was the first Facebook breach, and it was the start of many.
How to Prevent Security Breaches
If you’re worried about being affected by future data breaches then follow the recommendations from the experts when it comes to enhancing your Facebook security.
Clear Your Activity History Off Facebook
The danger of Facebook is that they can easily track your activity online, even when you aren’t using the platform, and they can use this data to target their marketing.
Choose settings on the menu, and then choose ‘off Facebook activity’, so that you can clear your history to stop this from happening.
Get Rid of Third-Party Tracking
If you are using your Facebook login information to sign into another application, then Facebook is definitely tracking your activity.
To disable this, go to settings and privacy, and then choose ‘apps and websites’.
Select ‘active’, and then you will be able to disable tracking from specific apps.
Use Two-Factor Authentication
One of the best ways to protect yourself and your personal information online is to enable two factor authentication.
You might not like the idea of this, because it takes more time to sign into something, but this extra time is definitely going to be worthwhile.
If a hacker wants to be able to breach your account, they are going to need the security code that is going to be sent to your mobile phone.
You are going to be able to activate this feature on Facebook by selecting the menu, and then choosing ‘settings and privacy’.
From here, you will select ‘security and login’.
Now, you can select two factor authentication, and enter your phone number, as well as a security code.
Limit Who Is Seeing Your Posts
It is highly recommended that you set your personal Facebook profile to private.
And, if you are really wanting to share personal information on Facebook, you need to limit who is seeing these posts.
You can do this by going to your settings and privacy option, and then settings. From here, you can decide who sees your posts.
Final Thoughts
What is evident from this article on the comprehensive history and full timeline of Facebook data breaches is that your data isn’t safe if you have it on Facebook.
Just in 2019, more than 1 billion user records were exposed and leaked, which is half of all people on Facebook.
So, what are you able to do in order to protect your data?
The first thing that you need to realize is that any online account can easily be breached.
As a result, you should either delete your Facebook profile, or delete any information that you have on your Facebook profile that could cause harm to you.
Don’t share anything on Facebook that you wouldn’t want to be exposed publicly, and it is also recommended that you enable two factor authentication.
Protecting yourself online is essential as far as personal information goes because along with Facebook, there are plenty of cybercriminals out there that are determined to gain access to your personal data and use it for personal gain.
As you can see from the Facebook data breach history and timeline for 2025 that we have covered above, there is ample reason to be careful when choosing what to share online.
