An unsecured database containing the phone numbers of more than 419 million Facebook users was recently found online, though the social network said no accounts have been compromised as a result of the exposure.
Security researcher Sanyam Jain discovered the server, which included phone numbers and, in some cases, names and locations of Facebook users. When he was unable to find the server's owner, Jain reported his findings to TechCrunch, which verified the records by cross-checking data with known profiles and matching numbers against Facebook's password reset feature.
The database is no longer online. When it was live, however, the server was left unprotected without a password, meaning anyone could search for and browse data that contained records of user IDs and associated phone numbers.
Records of some 133 million U.S. Facebook users were included in the database, as was information related to 18 million UK users and more than 50 million users in Vietnam, the report said.
Facebook spokesman Jay Nancarrow said the data was scraped prior to the shutdown of a feature that allowed users to search for friends by phone number. Facebook disabled the tool in the wake of the Cambridge Analytica scandal, citing bad actors who abused the service to scrape user information.
"This dataset is old and appears to have information obtained before we made changes last year to remove people's ability to find others using their phone numbers," Nancarrow said. "The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised."
Who, exactly, scraped the data and for what reason remains unknown.
Today's revelations are the latest in a long line of Facebook snafus that threaten to encroach on user privacy. Aside from Cambridge Analytica, the social media monolith in 2018 confirmed a security breach impacting 30 million accounts. In March of this year, an investigation found hundreds of millions of unencrypted account passwords stored on internal servers.
21 Comments
Just close your account already. This company is unacceptable.
WhatsApp is owned by FB and will do nothing for a user without full access to contacts. Android users gave permission to access contacts by merely downloading the app. iOS users had to give explicit permission, which millions did. While you might have denied WhatsApp access, it's very likely one of your friends or relatives authorized access and gave FB your information.
I would say a penalty of $5 for each person whose data was compromised would be pretty fair.
I think we can look at this two different ways:
1. It's not a problem. After all, the telephone company drops off a big and nearly useless book containing names, addresses, and phone numbers of lots of subscribers on my porch every year. Heck, they even provide (or at least used to) a list of numbers to telemarketers in electronic format.
2. Facebook really screwed up again and probably got their stuff hacked and someone will initiate a class action lawsuit and hundreds of millions will be eligible for free credit report monitoring for a year (value: nearly zero).
I have no trust at all for Facebook and Google. I don’t think any company that views the customer as the product will ever have sufficient motivation to keep my personal data private.