Facebook, the social network that boasts about creating a safe space for users, may have inadvertently exposed millions of phone numbers related to people’s Facebook accounts in a scraping incident, according to a report on TechCrunch.
TechCrunch reports that an exposed server found online “contained over 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam.” The data on the server or servers had no password protections, and anyone could access the data, according to TechCrunch.
Each exposed record contained at least a user’s unique Facebook ID and the phone number listed on the account. A user’s Facebook ID is typically a long, unique and public number associated with their account. With knowledge of a user’s Facebook ID, anyone can discover the personal name associated with the account. According to TechCrunch, some of the records already included users’ names, as well as gender and location by country.
Facebook issued a statement saying that the breach was connected to an old dataset that “appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers.” According to Facebook, “The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.” But that doesn’t mean bad actors can’t make new connections with other data to create criminal schemes. Old datasets? What about people who have had the same phone number for 5, 10, 15 or 20 years?
Following the Cambridge Analytica scandal, Chief Technology Officer Mike Schroepfer wrote assurances in an April 4, 2018 Facebook newsroom post that a feature that could be exploited to scrape users’ profile information, including phone numbers, was disabled.
With news of another breach today, Facebook tried to provide a calming assurance, saying that because of numerous duplicates in the database, the total number of phone numbers found online was actually about half of what TechCrunch reported. That would still be about 210 million users.
The database was discovered by GDI Foundation security researcher Sanyam Jain, who contacted TechCrunch when he couldn’t find the owner of the data. Jain also reported that he found profiles associated with celebrity Facebook users. TechCrunch notified the web host where the data was stored, and the web host removed access to the data.
Initially, there are no known suspects who might have scraped the data.