Facebook security breach exposed the phone numbers of over 400 million users

nanoguy

Posts: 1,365   +27
Staff
What just happened? A researcher has found several databases stored on an unprotected server that held personal information -- mostly phone numbers -- of hundreds of millions of Facebook users. While the company argues the data is over a year old, it doesn't change the fact that it is a big privacy breach. The person who collected that information and their motivations behind it are nebulous.

When Mark Zuckerberg outlined Facebook's "privacy-focused" future earlier this year, everyone was right to treat his promises with skepticism. The latest security breach exposed the phone numbers of 419 million users, even after Facebook said it has restricted access to that information over a year ago as part of a policy update.

Sanyam Jain, a security researcher from the GDI Foundation discovered the dataset on an unprotected server and told TechCrunch he was unable to find the person who scraped that information from Facebook. The good news, however, is that after contacting the hosting company, the databases were taken offline.

The server contained records of users from all around the world, including 133 million records on Facebook users in the US, 50 million on users in Vietnam, and 18 million on people in the UK. The researcher says each phone number was tied to a user's Facebook ID, which is a long string of numbers that is uniquely associated with a Facebook account. That ID can be used to find out a username, and some of the records included other personal details like name, gender, and location.

A Facebook spokesperson explained that "this dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers. [...] The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised."

Still, the news comes at a time when Facebook is under fire from all directions for privacy breaches and anticompetitive behavior. Eariler this year it was revealed that the company's two-factor authentication system could be used by almost anyone to find your phone number. It's also worth noting that Facebook's sketchy practices go so deep that it knows what apps you use even if you don't have a Facebook account.

Permalink to story.

 
The more false information you feed Facebook the better. The phone number that I used for all of my Burner accounts was a phone number from a throwaway Walmart go phone .

Good luck to the telemarketers who’d call me .

Smuckerberg will get nothing from me but memes and off-color jokes.
 
Internet security is an oxymoron, and not by accident but by design. Security is the enemy of the online data mongers.
 
Yet another great reason for the DOJ to move in and shut them down. These guys are worse than WikiLeaks and need to be reined in or completely eliminated.
 
Back