Personal data of more than 500 million Facebook users – including Australians – leaked online over the weekend, with users across 106 countries understood to be affected.

The data includes users’ phone numbers, Facebook IDs, full names, locations, birth dates, bios, and email addresses.

The Australian has confirmed that Australian users have been caught up in the leak.

It comes as the Morrison government has been presented with a new proposal to force users of social media networks like Twitter, Facebook and Instagram to upload 100 points of identification before they can use them, in a bid to tackle online bullying and trolling.

The recommendation is one of 88 from a parliamentary inquiry into family, domestic and sexual violence.

“In order to open or maintain an existing social media account, customers should be required by law to identify themselves to a platform using 100 points of identification, in the same way as a person must provide identification for a mobile phone account, or to buy a mobile SIM card,” the report reads.

Under the proposal, social media platforms would have to “provide those identifying details when requested by the eSafety Commissioner, law enforcement or as directed by the court.”

Facebook’s data leak has shown the company cannot be trusted with intimate data and that the plan is the wrong way to tackle bullying, experts say.

“I think the 100-point ID suggestion is absurd,” Swinburne University senior lecturer Belinda Barnet said.

“Mainly because of the serious privacy risks it poses. Platforms do not have a good track record looking after our data, as the breach of 500 million accounts shows.

“We can and should have a discussion about the utility of identity verification, but asking us to hand our identity documents to Facebook is the wrong way to do it.”

Peter Lewis, director at Centre for Responsible Technology, said the government is right to be considering increasing obligations on the users of social media platforms to behave in a manner that does not harm others.

“But requiring users to provide proof of identity to the online platforms is not the solution – as the latest hack of Facebook illustrates the platforms cannot be trusted with user data,” he said.

“Moreover, giving global corporations that base their business model on extracting and reselling user data access to legal identities would be like putting Dracula in charge of the blood bank.”

Mr Lewis said an alternate approach would be to create an equivalent to a Social Media AVO – or apprehended violence order – in which people who are subject to bullying, trolling and other unsafe behaviour could secure a legally enforceable order to the platforms to identify, suspend and delete accounts.

“While contact on digital media is already covered by AVOs, they only target the user and not the platform,” he said.

“Where a Social Media AVO is granted, the onus would be on the platform to ensure a safe environment for the claimant and taking legal responsibility for any ensuing damage to the applicant.”

When asked about the data leak, Facebook described the data as “old” and said the issue had been fixed.

“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019,” a Facebook spokesman said.

“In 2019, we removed people‘s ability to directly find others using their phone number across both Facebook and Instagram – a function that could be exploited using sophisticated software code, to imitate Facebook and provide a phone number to find which users it belonged to.”

The company was contacted for further comment.

Originally published as Facebook ‘can’t be trusted with our data’