Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

400 Mn Facebook Users’ Phone Numbers Exposed in Privacy Lapse: Reports

Phone numbers linked to more than 400 million Facebook accounts were listed online in the latest privacy lapse for the social media giant, US media reported Wednesday.

Phone numbers linked to more than 400 million Facebook accounts were listed online in the latest privacy lapse for the social media giant, US media reported Wednesday.

An exposed server stored 419 million records on users across several databases — including 133 million US accounts, more than 50 million in Vietnam, and 18 million in Britain, according to technology news site TechCruch.

The databases listed Facebook user IDs — unique digits attached to each account — the profiles’ phone numbers, as well as the gender listed by some accounts and their geographical locations, technology website TechCrunch reported.

The server was not password protected, meaning anyone could access the databases, and remained online until late Wednesday when TechCrunch contacted the site’s host.

Facebook confirmed parts of the report but downplayed the extent of the exposure, saying that the number of accounts so far confirmed was around half of the reported 419 million.

It added that many of the entries were duplicates and that the data was old.

“The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised,” a Facebook spokesperson told AFP.

Following the 2018 Cambridge Analytica scandal, when a firm used Facebook’s lax privacy settings to access millions of users’ personal details, the company disabled a feature that allowed users to search the platform by phone numbers.

Advertisement. Scroll to continue reading.

The exposure of a user’s phone number leaves them vulnerable to spam calls, SIM-swapping — as recently happened to Twitter CEO Jack Dorsey — with hackers able to force-reset the passwords of the compromised accounts.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

Certificate lifecycle management firm Sectigo has hired Jason Scott as its CISO.

The State of Vermont has appointed John Toney as the state’s new CISO.

More People On The Move

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Data Protection

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...