Hundreds of millions of phone numbers connected to Facebook accounts have been found online.
The exposed server held more than 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam.
The server wasn’t protected with a password, which meant anyone could find and access the database.
Each record contained a user’s unique Facebook ID and the phone number listed on the account. A user’s Facebook ID is typically a long, unique and public number associated with their account, which can be easily used to discern an account’s username.
However, access to phone numbers has been restricted for more than a year, since Facebook limited access to users’ phone numbers.
TechCrunch verified several records in the database by matching a known Facebook user’s phone number against their listed Facebook ID.
Some of the records also had the user’s name, gender, and location by country.
This is the latest security breach involving Facebook. A series of incidents occurred during the Cambridge Analytica scandal, which saw more than 80 million profiles scraped to help identify swing voters in the 2016 U.S. presidential election. According to TechCrunch:
This latest incident exposed millions of users’ phone numbers just from their Facebook IDs, putting them at risk of spam calls and SIM-swapping attacks, which rely on tricking cell carriers into giving a person’s phone number to an attacker. With someone else’s phone number, an attacker can force-reset the password on any internet account associated with that number.
The database was discovered by Sanyam Jain, a security researcher and member of the GDI Foundation. He contacted TechCrunch after he was unable to find the owner. After a review of the data, TechCrunch could not find the owner either. But once they contacted the web host, the database was taken offline.
Jain said he found profiles with phone numbers associated with several celebrities.
Facebook spokesperson Jay Nancarrow said the data had been scraped before Facebook cut off access to user phone numbers. He said:
“This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers. The data set has been taken down and we have seen no evidence that Facebook accounts were compromised.”
However, questions remain as to precisely who scraped the data, when it was scraped from Facebook and why.
Facebook has restricted developers’ access to user phone numbers for a while. The company also made it more challenging to search for friends’ phone numbers. The data seemed to be loaded into the exposed database at the end of July, although that doesn’t automatically mean the data is new.
Data exposure is often tied to human error and is not always the result of malicious intent. Either way, it represents a growing security problem.
Most recently, MoviePass, the Senate Democrats and First American left data exposed.