Recently, a huge database of Facebook users’ phone number was found online without the user even knowing about it. Facebook is the largest social media platform with millions of users engaging with the platform on a daily basis. Users link their phone number with Facebook accounts to secure their information with another authentication factor. But this association of phone numbers with Facebook accounts might put users’ phone numbers at stake. The exposure of server with more than 419 million records of multiple databases of user geographies. More than 133 million records were U.S. based Facebook users, 18 million records found online were of users in the U.K., and another database was found with more than 50 million records on users living in Vietnam. Due to ignorance of servers’ security, without the protection of password, anyone could easily find and access the database.
The records contain the user’s unique Facebook ID and phone number linked with Facebook accounts. The Facebook ID is a combination of long and public numbers associated with Facebook accounts to easily access account’s username whereas the phone numbers associated with accounts have been displayed as private since more than a year after the restriction of Facebook to access users’ phone numbers.
The team at TechCrunch recently verified a number of records available in the database to match with known Facebook users’ phone number against the Facebook ID. TechCrunch also checked other records by using the Facebook’s password reset feature and matching it with phone numbers and this can also be used in a way to partially reveal the phone numbers of users’ linked with their accounts. Some records found also contained the names of users along with gender and location by country.
The incident of Cambridge Analytica scandal that involved the scrapping of more than 85 million user profiles to detect voters in 2016 during the U.S. presidential election and this is the most recent security flaw revealed after Cambridge scandal. The team of Facebook has always been surrounded by scandals due to violation of user data or some high-profile scraping incidents at Instagram as well.
This recent scandal involves the exposure of millions of users’ phone numbers from their Facebook IDs increasing the risk of spam calls and SIM swapping attacks as well. Hackers rely on cell carriers to mistakenly give a person’s phone number that can help them to force-reset the password of any internet account associated with that number.
A security researcher named Sanyam Jain found the database of associated phone numbers and contacted TechCrunch after being unable to find the owner. When the team of TechCrunch contacted the web host, the database was pulled offline. According to Jain, the database contained phone numbers associated with several celebrity accounts and when reported to Facebook they responded that the database was accessed before the restriction of user phone numbers by Facebook. The database found by Jain contained old information of users before the changes made by Facebook after the last year restrictions. The data found online was taken down and there were no reports regarding any violation of Facebook users’ privacy.
Although there is no clear evidence of any compromised data but still there is curiosity to know who scraped the data from Facebook and why. After so many scandals, Facebook restricted the access of data to developers long time ago and the social media platform also made it more difficult for people to search for friends’ phone numbers but the data found online appears to be exposed into database not more than the end of last month which means the data is not new but it also doesn’t mean that it’s too old.
The exposure of data stored online without a password easily cause a malicious breach and represent the emerging problem. The team of Facebook always tries to secure its platform for its users but somehow ends up with a new scandal so the question remains the same whether to trust Facebook or not?
Read next: New Phishing Scam Targets Facebook's Verified Users!
The records contain the user’s unique Facebook ID and phone number linked with Facebook accounts. The Facebook ID is a combination of long and public numbers associated with Facebook accounts to easily access account’s username whereas the phone numbers associated with accounts have been displayed as private since more than a year after the restriction of Facebook to access users’ phone numbers.
The team at TechCrunch recently verified a number of records available in the database to match with known Facebook users’ phone number against the Facebook ID. TechCrunch also checked other records by using the Facebook’s password reset feature and matching it with phone numbers and this can also be used in a way to partially reveal the phone numbers of users’ linked with their accounts. Some records found also contained the names of users along with gender and location by country.
The incident of Cambridge Analytica scandal that involved the scrapping of more than 85 million user profiles to detect voters in 2016 during the U.S. presidential election and this is the most recent security flaw revealed after Cambridge scandal. The team of Facebook has always been surrounded by scandals due to violation of user data or some high-profile scraping incidents at Instagram as well.
This recent scandal involves the exposure of millions of users’ phone numbers from their Facebook IDs increasing the risk of spam calls and SIM swapping attacks as well. Hackers rely on cell carriers to mistakenly give a person’s phone number that can help them to force-reset the password of any internet account associated with that number.
A security researcher named Sanyam Jain found the database of associated phone numbers and contacted TechCrunch after being unable to find the owner. When the team of TechCrunch contacted the web host, the database was pulled offline. According to Jain, the database contained phone numbers associated with several celebrity accounts and when reported to Facebook they responded that the database was accessed before the restriction of user phone numbers by Facebook. The database found by Jain contained old information of users before the changes made by Facebook after the last year restrictions. The data found online was taken down and there were no reports regarding any violation of Facebook users’ privacy.
Although there is no clear evidence of any compromised data but still there is curiosity to know who scraped the data from Facebook and why. After so many scandals, Facebook restricted the access of data to developers long time ago and the social media platform also made it more difficult for people to search for friends’ phone numbers but the data found online appears to be exposed into database not more than the end of last month which means the data is not new but it also doesn’t mean that it’s too old.
The exposure of data stored online without a password easily cause a malicious breach and represent the emerging problem. The team of Facebook always tries to secure its platform for its users but somehow ends up with a new scandal so the question remains the same whether to trust Facebook or not?
Read next: New Phishing Scam Targets Facebook's Verified Users!