ByteBreaker Breach? Hacker Claims to Steal 1.2 Billion Facebook Users’ Data

A hacker operating under the alias “ByteBreaker” has claimed responsibility for stealing personal data from nearly 1.2 billion Facebook users by exploiting a vulnerability in the platform’s Application Programming Interface (API). While APIs are typically used by authorized applications to access limited user data, ByteBreaker allegedly circumvented these restrictions to extract a vast trove of sensitive information. An initial sample containing data from around 100,000 users has reportedly been posted for sale on the dark web.

However, Meta, the parent company of Facebook, has denied the allegation of a new breach. “This is not a new data leak,” a Meta spokesperson stated. “These are the same datasets that were scraped in 2021. We notified users at that time and have since implemented measures to prevent such incidents in the future.”

If proven true, this would mark the largest cyberattack on a social media platform to date. Previously, data from 530 million Facebook users was exposed in 2021, and another breach in 2022 saw the personal information of 700 million LinkedIn users compromised.

Cybersecurity research firm Hackread has corroborated that much of the sample released by ByteBreaker appears to match the 2021 incident. According to ByteBreaker, the data is stored in just 200 million rows—raising doubts among experts, as typically each row would represent a single user. Given the claimed figure of 1.2 billion users, the mismatch in row count has led analysts to question the credibility of ByteBreaker’s assertions.

Cybersecurity professionals warn that breaches of this scale pose serious risks not only to user privacy but also to financial and identity security. They have urged Facebook users to take immediate precautions.

Experts recommend the following steps for enhanced online safety:

• Change passwords for Facebook and all other critical accounts immediately.

• If the same password has been used across multiple platforms, change them as well.

• Enable two-factor authentication (2FA) wherever possible.

• Monitor bank accounts closely for any suspicious activity.

Let me know if you'd like a visual infographic or a social media caption version of this news.