The breach was particularly alarming because it exposed not only public information but also private phone numbers and other sensitive data that users had trusted Facebook to protect. The incident raised serious concerns about Facebook's ability to safeguard user data and sparked a renewed debate about data privacy and security.
The breach was first reported by a security researcher who stumbled upon the vulnerability while testing Facebook's "import contacts" feature. The researcher discovered that by using a simple script, they could download a massive dataset containing user information, including phone numbers, from Facebook's servers.
The dataset, which was leaked in a plain text file, contained a staggering 370 million records, each containing a user ID, phone number, name, and other sensitive information. The data was so sensitive that it could be used to identify and target users for phishing attacks, spam, and other malicious activities.