The fallout from the recent Facebook data breach that came to light as the year ended is still ongoing. Facebook has already suffered more than its share of painful and embarrassing breaches of its users’ data security and privacy. In the latest blow, hundreds of millions of users’ personal data including phone numbers linked to Facebook accounts were leaked online.
The list of phone numbers was completely public and was available for almost everyone on the Internet without any authentication or encryption. This is the biggest online data leak for Facebook since the infamous Cambridge Analytica scandal.
How did this happen?
More than 419 million Facebook users’ information such as phone number, gender, Facebook account IDs, and more were leaked online free to be accessed by anyone. This means anyone looking at these websites’ database would have been able to explore the data of millions of users without any form of authentication or passwords.
The incident was first uncovered by Sanyam Jain, a security analyst, researcher, and a member of the GDI Foundation. Soon after he found these databases, he contacted TechCrunch to help him further investigate the issue. As per TechCrunch, neither GDI foundation nor the TechCrunch team themselves was able to track down the owner of the data.
They soon contacted the hosting provider of the leak and the database was pulled offline. Zack Whittaker from TechCrunch broke the news and added that “multiple databases across the globe have been included in the leak. This included 133 million records on US-based Facebook users, 18 million records of UK users and over 50 million records of Vietnamese users.”
The investigation by TechCrunch also confirmed that the data leaked was authentic and original. However, it is unknown at this time who leaked the data and from where the hackers acquired it. The server was not a Facebook-owned one, however.
A Facebook spokesperson told CNN, “This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers. The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.” Facebook said that the actual number of accounts in the data breach was approximately 210 million as the 419 million records contained duplicates, although that claim cannot be verified.
How does the data leak impact normal users
Private information such as phone numbers can lead to various security threats and inconvenience like identity theft and call or SMS spamming. Users can also be a victim of SIM-swapping attacks using which attackers can force-reset all the passwords on all the online accounts associated with the numbers.
Moreover, many security experts strongly believe that just the phone number can expose many personal details and can even lead to identity theft. Attackers can also access information such as the current address, past addresses, past phone numbers, property-related information, criminal records, and even more.
Facebook has been under the glaring spotlight repeatedly in recent years due to the data breaches and compromised security systems. This recent incident seems to have worsened the situation for the social media giant.
Featured image: Shutterstock