News: Millions of Facebook user phone numbers exposed online, security researchers say


Posted

From CNet https://www.cnet.com/news/millions-of-facebook-user-phone-numbers-exposed-online-security-researchers-say/

 

“More than 267 million Facebook user phone numbers, names and user IDs were exposed in a database that anyone could access online, adding to a long list of privacy and security mishaps that continue to plague the world's largest social network.

Security researcher Bob Diachenko discovered the trove of Facebook user data on Dec. 14. The database, which has been pulled down, wasn't protected by a password or any other safeguard. Access to the database was removed, but by then the information had been out in the open for nearly two weeks. Someone had also made the data available for download on a hacker forum, according to Comparitech, a UK technology research firm that worked with Diachenko. 

...

Comparitech said the exposed Facebook data puts users at risk for spam and phishing campaigns. A Facebook user ID contains unique numbers that can be used to figure out a person's Facebook username and other profile information. 

Diachenko thinks that criminals in Vietnam obtained the user records through two possible ways. They could have exploited Facebook's application programming interface, or API, that lets developers access data such as their friends list, photos and groups. This might have happened before Facebook restricted access to user phone numbers in 2018 or afterward because of a possible security hole. Criminals could have also used automated technology to scrape the information from public Facebook profiles. 

In an email, Diachenko said that a welcome page and dashboard linked to the database included a Vietnamese invitation asking for a login and password. It appears that the database was set to public by mistake because "there are no good reasons to publicly expose this data," he said.

A Facebook spokesman said in a statement that the company is looking into the issue but thinks the data was likely harvested before it made changes to better safeguard user information such as restricting access to phone numbers.

To help protect your Facebook data from getting scraped, you can change your privacy settings so search engines outside of Facebook can't link to your profile. You can also deactivate or delete your Facebook account.”

Posted

I deleted my FB account years ago. Then about six months ago, I set up an account there with a fake name, and no true identifying information. I did it because I was interested in one FB group. That group turned out not to be as interesting to me as I thought it would be, so I didn't use my account more than a few times.

When this latest hack was discovered, I decided to delete that account too. In the middle of the deletion process, a screen popped up for me to log-in. Luckily I had read the disclaimers throughout the process. If I had logged in via that screen, the deletion process would have been aborted. I waited a minute or two and the log-in screen disappeared.

I wish we had privacy laws in the U.S. The New York Times has a great series of articles about how our privacy has been violated in many ways which are much more extensive than most people realize.

That said, I don't actually need FB any more. But if I wanted to participate, I would not log into any accounts on other sites via FB (or Google), and I would not put my phone number on FB, and I would not pay for anything using a payment service via FB or Google (except by gift card). I'm not up-to-date on paying for things via FB, but I vaguely recall that the service is either available or planned for the near future.

If I want to see something on FB, I just ask my daughter to pull it up on her phone. Wait! It's always up on her phone. She is not as weird about privacy as I am. Then again, she never had Alexa spout a list of Harry Potter movie suggestions immediately after I said, "Which Harry Potter movie should we watch?". See the problem? None of those words could be mistaken by Alexa for "Alexa". There were two people in the house. Until I asked that question, we were both *silently* reading.

Oops. Sorry, I've gone on too long. This is about FB, not Alexa. I know that. But what the heck, I'm going to leave that paragraph here anyway. Yes, even though I'm starting to think y'all will think I'm the Queen of Paranoia.
