Facebook confirms 419m phone numbers exposed

  • Published at 02:24 pm September 5th, 2019
Figurines are seen in front of the Facebook logo in this illustration taken March 20, 2018 Reuters

The information was stored in an online server that was not password protected, according to a report from TechCrunch

Hundreds of millions of Facebook users’ phone numbers were exposed in an open online database, the company confirmed Wednesday, in the latest example of Facebook’s past privacy lapses coming back to haunt its users.

The technology website TechCrunch stated that more than 419m Facebook IDs and phone numbers were stored in an online server that was not password protected, reports The Guardian. 

The dataset included about 133m records for users in the US, 18m records for users in the UK and 50m records for users in Vietnam.

The database was taken offline after TechCrunch contacted the web host.

Facebook confirmed the report and said it was investigating when and by whom the database was compiled. 

A spokeswoman for the company also claimed that the actual number of users whose information was exposed was approximately 210m, because the 419m records contained duplicates.

The records were likely amassed using a tool that Facebook disabled in April 2018 in the aftermath of the Cambridge Analytica controversy. 

The revelations showed how Facebook’s lax approach to privacy had allowed a political consultancy to obtain personal information from tens of millions of profiles.

Until then, Facebook allowed anyone to search for users by their phone number, a seemingly benign tool for finding an individual with a common name that was also readily hijacked by data scrapers.

“Malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search,” chief technology officer Mike Schroepfer wrote at the time. 

“Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way.”

Facebook emphasized that the exposed data was “old” and would have been scraped prior to the April 2018 policy change.

“This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” a spokeswoman said in a statement. “The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.”

The spokeswoman did not respond to questions about whether Facebook would inform users whose information was exposed or offer any mitigation to those affected, saying only that the company was still investigating.

Facebook’s characterization of the data as “old” notwithstanding, phone numbers are an increasingly important key to people’s identities – and a potential vulnerability. 

While not as sensitive as a social security number, they are important identifiers that can be used to easily obtain significant amounts of personal information about an individual and their family from online data brokers, as the New York Times reported in August.

Skilled attackers can often leverage a mobile phone number and information gained through data brokers or social media sites (such as home address, previous addresses, family members, etc) to persuade mobile phone carriers to transfer a target’s phone number to a different phone.

The latest high-profile victim of this type of attack, which is known as SIM swapping, was Twitter chief executive officer Jack Dorsey, whose Twitter account was hijacked on Friday by a hacking group that appears to have gained control of his mobile phone number.

On Wednesday, Twitter announced that it was temporarily disabling the ability for users to send tweets through SMS, or text messages, due to “vulnerabilities that need to be addressed by mobile carriers.”
