steven36 Posted September 5, 2019

Facebook is staring down yet another security blunder, this time with an incident involving an exposed server containing hundreds of millions of phone numbers that were previously associated with accounts on its platform. The situation appears to be pinned to a feature no longer enabled on the platform but that allowed users to search for someone based on their phone number.

TechCrunch’s Zack Whittaker first reported Wednesday that a server—which did not belong to Facebook but was evidently not password protected and therefore accessible to anyone who could find it—was discovered online by security researcher Sanyam Jain and found to contain records on more than 419 million Facebook users, including 133 records on users based in the U.S. (A Facebook spokesperson disputed the 419 million figure in a call with Gizmodo, claiming the server contained “closer to half” of that number, but declined to provide a specific figure.)

According to TechCrunch, records contained on the server included a Facebook user’s phone number and individual Facebook ID. Using both, TechCrunch said it was able to cross-check them to verify records and additionally found that in some cases, records included a user’s country, name, and gender. The report stated that it’s unclear who scraped the data from Facebook or why. The Facebook spokesperson said that the company became aware of the situation a few days ago but would not specify an exact date.

Whittaker noted that having access to a user’s phone number could allow a bad actor to force-reset accounts linked to that number, and could further expose them to intrusions like spam calls or other abuse. But it could also allow a bad actor to pull up a host of private information on a person by inputting it into any number of public databases or with some legwork or by impersonation grant a hacker access to apps or even a bank account.
“This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” the spokesperson said in a statement by email. “The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.”

Facebook announced in a blog post by CTO Mike Schroepfer in April 2018 that it was axing the ability for users to search for each other using phone numbers or email addresses after it discovered that “malicious actors” were abusing the function to scrape publicly available information. Schroepfer wrote at the time that due to the “scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way.”

Still, while the company initially disclosed the likelihood of such an event last year, it doesn’t make this week’s news any less troubling. Another day, another spectacular security f@@kup by a company that has a knack for this kind of thing.

The news comes hot on the heels of Senator Ron Wyden telling an interviewer that he believes lawmakers should ensure that Facebook CEO Mark Zuckerberg faces “the possibility of a prison term” for his company’s abuses of user data. While that sounds like a pipe dream, the possibility of it becoming a reality gets stronger by the day.

Source
Infinite_Vision Posted September 6, 2019

Wow, this keeps getting worse for them. Do they have incompetent people running it or are they doing it on purpose? I have told family and friends to get out for a while now. There are a lot of normies at my work place that still go on there and share all kinds of information and they don't know that their information is at risk. They think that I don't know about stuff that they posted but I know. I have been keeping quiet for a while by just gathering my own intel and I know who their leaders are. Matter of fact, I think 17+ should send someone to look into my work place/current location in terms of harassment on conservative, libertarian, and free thinkers. Algorithm? I know their games and I have files on the leaders of their games. This is to remind them, this is not a game. Reconcile. Dark to Light. Even a one winged angel can spot a Judas a mile away.
This topic is now archived and is closed to further replies.