Facebook 1.5 Million Email List

Facebook said the issue began three years ago when it made changes to the step-by-step verification process users go through when signing up for an account on the platform. Prior to those changes, users were given the option to upload their email contact lists when opening an account to help them find friends already on Facebook.

The seedy underbelly of Facebook has surfaced yet again thanks to Bogomil Shopov, an online IT marketing and community management professional from Bulgaria, who recently was able to purchase one million names, email addresses, and Facebook profile IDs.

January 2, 2019: Blur announced a data breach after an unsecured server exposed a file containing 2.4 million usernames, email addresses, password hints, IP addresses and encrypted passwords. The password management company urged their users to change their Blur login credentials and enable two-factor authentication.

January 3, 2019: The information of 7.6 million gamers was stolen in a hack of the game Town of Salem. BlankMediaGames (BMG) announced that its server was compromised and usernames, email addresses, IP addresses, game & forum activity and purchased game premium features were exposed.

February 15, 2019: The accounts of 14.8 million users of 500px have been hacked, revealing full names, usernames, email addresses, birth dates, locations and gender. The photo-sharing website has notified its users and is forcing a password reset.

March 21, 2019: The Oregon Department of Human Services announced a data breach after nine of its employees clicked on a phishing link, compromising nearly 2 million emails. These emails may have exposed the names, addresses, dates of birth, Social Security numbers, and other information of as many as 1.6 million clients.

April 22, 2019: The largest online retailer of fitness supplements, Bodybuilding.com announced a data breach that potentially impacted its 7 million registered users. The company has since forced a password reset and notified its customers. The information that could have been stolen by hackers includes names, email addresses, billing/shipping addresses, phone numbers, order history, birth date and information included in BodySpace profiles.

May 1, 2019: Job recruitment site Ladders exposed the data of 13.7 million users through an unsecured database that was left open without a password requirement. Consumers who used the site for job hunting had their names, email addresses, employment history and salary figures exposed. Many users had their resume details included, work authorizations and even security clearance status. The unsecured database also contained the information of nearly 380,000 recruiters.

May 9, 2019: A data breach of Freedom Mobile has affected an estimated 1.5 million customers after a database of information was found unprotected on an Elasticsearch server. The Canada-based telecommunications company exposed customer names, email addresses, phone numbers, physical addresses, dates of birth, account numbers and credit card information.

May 20, 2019: More than 49 million Instagram influencers, celebrities and brands have had their private contact information exposed after an India-based social media marketing company left the data unprotected on an Amazon Web Services database. TechCrunch reported that the bio, profile photo, location, verification status, email address and phone number of high-profile accounts were exposed.

May 29, 2019: Flipboard announced it was hacked after an unauthorized third party accessed databases containing user information. Names, usernames, email addresses and encrypted passwords are among the data that could have been stolen. Flipboard has 150 million monthly users.

June 11, 2019: More than 100 million users of online event planning service company, Evite, have had their information put up for sale on the dark web. A hacker who goes by the name Gnosticplayers released usernames, email addresses, IP addresses and cleartext passwords. In some cases, dates of birth, phone numbers and postal addresses were also included.

June 18, 2019: Employees of the were targeted in a phishing attack that gave a cybercriminal control over their email accounts. As many as 2 million emails containing full names, addresses, dates of birth, Social Security numbers, case numbers, health information, and other record-keeping data were exposed.

August 5, 2019: The online marketplace, Poshmark, announced in a blog post that a hacker gained access to the names, usernames, genders, city data, email addresses, size preferences and scrambled passwords of its users. Poshmark has over 50 million users but has not confirmed how many were affected by the breach.

August 5, 2019: Stock X, a fashion and sneaker trading platform, exposed the personally identifiable information of over 6.8 million customers. The company sent a password reset to its users after an unknown third party accessed customer names, email addresses, shipping addresses, usernames, hashed passwords and purchase histories.

August 7, 2019: Over 23.2 million accounts were exposed by CafePress, a custom T-shirt and merchandise company, exposing the names, email addresses, physical addresses, phone numbers and hashed passwords of its customers. CafePress has not disclosed the breach leading back to February 2019 but has sent out a password reset notice claiming it has updated its password policy.

August 28, 2019: The web hosting company, Hostinger, sent out password reset emails to 14 million clients whose information was hacked through an API server. The company is urging its clients to update their passwords after first names, usernames, email addresses, IP addresses and hashed passwords were exposed in the data breach.

September 16, 2019: The personal information of 198 million prospective car buyers was left exposed in an unsecured database belonging to Dealer Leader, a digital marketing company for car dealerships. The information exposed included names, email addresses, phone numbers, home addresses and IP addresses.

September 12, 2019: Players of the popular games Draw Something, Words With Friends, and Farmville have been notified by mobile game maker Zynga that their system was breached and user data was accessed illegally. The hacker claiming responsibility says he accessed a database that included data from 218 million Android and iOS players, including names, email addresses, login IDs, hashed passwords, phone numbers, Facebook IDs and Zynga account IDs. The number of users impacted has not been confirmed by Zynga.

October 26, 2019: The account information of over 7.5 million users of Adobe Creative Cloud was exposed due to an unprotected online database, including email addresses, usernames, location, Adobe products, account creation dates, dates of last login, subscriptions and payment status.

November 22, 2019: Security researchers discovered an unsecured server containing four billion records on over 1.2 billion individuals. These records include over 1 billion personal email addresses, over 420 LinkedIn URLs, over 1 billion Facebook URLs and over 400 million phone numbers with more than 200 million U.S.-based valid cell phone numbers. While the data comes from two data aggregators and enrichment companies, the owner of the server and database remains unknown.

December 4, 2019: A database belonging to American communications company, TrueDialog, exposed tens of millions of SMS text messages as well as the personal information of more than 1 billion subscribers. Impacted information includes names of recipients, account holders and users, email addresses, phone numbers of recipients and users, content of messages, dates and times messages were sent, message status and account details.

December 30, 2019: Smart home device maker Wyze Labs has disclosed a data leak impacting more than 2.4 million customers. Production databases belonging to Wyze were left exposed for most of the month, containing usernames and email addresses, WiFi network names, camera names and tokens that identified smartphone and personal digital assistant device connections. The databases also included the personal health information for some users doing beta testing for the company. The company asserts that no passwords or financial account details were included in the database records.

Most reported breaches are in North America, at least in part because of relatively strict disclosure laws in North American countries. It is estimated that the average cost of a data breach will be over $150 million by 2020, with the global annual cost forecast to be $2.1 trillion.[1][2] As a result of data breaches, it is estimated that in first half of 2018 alone, about 4.5 billion records were exposed.[3] In 2019, a collection of 2.7 billion identity records, consisting of 774 million unique email addresses and 21 million unique passwords, was posted on the web for sale.[4]

Facebook was accused of designing its Android app permissions in a way that it obfuscated the fact that the app was gathering user call logs and SMS data from users in 2015 and earlier. Internal Facebook email messages also described whitelisting agreements between Facebook and other companies giving access to certain user data and Facebook implementing data reciprocity agreements with developers.

In mid-April, a security researcher noticed Facebook was asking users to provide email passwords and if a user entered the password, Facebook would import the user's contact list without asking permission to do so. Ultimately, Facebook collected contact lists from 1.5 million users. The company claimed the contact data was "unintentionally uploaded to Facebook," but security experts widely criticized the company for asking for email passwords in the first place. 2b1af7f3a8