More than 755,000 Facebook accounts hacked in the Philippines


Personal information of more than 755,000 Facebook users in the Philippines was compromised last month, a data watchdog has revealed.


The National Privacy Commission (NPC) made the disclosure after a compliance order was filed against Facebook, following a data breach in September that compromised the personal information of tens of millions of users across the globe.

An independent body created under Republic Act No. 10173, or the Data Privacy Act of 2012, the NPC seeks to ensure that personal information is secure and protected.

In a statement today (Friday, October 19) the NPC said a total of 755,973 users were affected, with large numbers having had their online footprint, such as search queries and Facebook posts exposed.


Some 387,322 user accounts had their basic profile information compromised, such as full name, e-mail address and phone number.

On top of this, another 361,227 accounts had other pieces of data breached, such as location, recent search queries and accounts they follow.

A total of 7,424 users had more information exposed, such as Facebook posts, list of friends, groups they are members of, and the names of people they recently chatted with.


The world’s largest online social network, with 1.5 billion daily users, claimed that the vulnerability was fixed on September 28, three days after it was discovered.

Affected users should have been notified through their Facebook app about the issue.

The company, which is still reeling from the earlier Cambridge Analytica data breach scandal, insisted that there was “no material risk of more extensive harm occurring.”.

However, the NPC’s Privacy Commissioner Raymund Liboro disputing this, saying: “The risk of serious harm to Filipino data subjects is more than palpable.

“As Facebook itself notes, the main potential impact for affected users will be an increased likelihood of getting targeted for professional ‘spam’ operations and ‘phishing’ attacks.” 

It has not been confirmed whether the NPC will file any charges against Facebook.

In the meantime, Liboro has told Facebook to submit a more comprehensive report about data breach notifications, notify those who were affected in accordance with NPC rules, implement a programme directed at Filipino users to increase awareness of identity theft and phishing and provide evidence that it had indeed complied with these orders.

Follow our Facebook page for daily news updates