[woudsma]

And they apparently also didn't plan on deleting my PII (phone number was in the leak), even after I permanently deleted my account at FB over 3 years ago.

I thought I had the 'right to be forgotten' because of the GDPR, as I'm a European citizen. Has there been any real enforcement of these laws aside from the relatively small fine here and there?

I've been blocking FB actively for the last few years, I can't even visit FB because of my /etc/hosts file setup. It seems quite impossible to get back some privacy online even though I try and take measures. Use Duckduckgo, Brave browser, VPN, no social media, etc. I was a happy person when GDPR first came through.

[t0mas88]

If you're in Europe you can file a complaint with your local data protection agency. They will definitely already have some investigation on Facebook so this just adds more to it.

[smcl]

Here is how you find that, by the way: https://edpb.europa.eu/about-edpb/board/members_en

[varispeed]

I think after such data leak, it should be possible to ask company who enabled the leak, to put the matters as they were before the leak - that is buying you a new phone number, setting up a new name, new address and whatever else that was leaked. The new address should be in comparable standard to the old one.

[aminozuur]

The data was scraped years ago and just released now. Only the things you shared publicly already, such as your first and last name on Facebook, were "leaked", except for a few private phone numbers.

[woudsma]

I've never had public profile information. Only visible for friends (and my phone number wasn't even visible there). How would my private phone number get into that dataset? That would suggest that they have more than just public data.

[nuclear_eclipse]

Your friends can (and almost certainly will) share their contact info (including your name/phone/email) with Facebook , Messenger, or Whatsapp, even if your account is deleted and doesn't exist.