Facebook is under immense pressure yet again. The social media giant is slacking in keeping the privacy of its users intact. Just last night, news broke out that the phone numbers of 419 million Facebook users got exposed due to an unsecured server.
It’s no secret that just earlier this year, Facebook tried to silently disclose how millions of unencrypted Instagram passwords had been stored in plain text online. Ever since that incident, Facebook has been struggling and making promises to strengthen the privacy of its users.
Such commitments are not new to Facebook, and with an off-Facebook privacy tool, Facebook aims to be solving the problem of which third-parties have used your data. Not to forget the ‘technical flaw’ which allowed children using the Messenger Kids app to participate in group chats with strangers but without parental permission.
Facebook works in mysterious ways, and it’s still unclear why the social media giant isn’t putting its foot down and clamping its privacy and security practices.
How did 419 million phone numbers get leaked?
In simple words: an unprotected server. A Facebook server containing private information of its users was found without password protection. Talk about privacy?
What this means is that anyone who’s looking for loopholes could easily discover and access this database. The exposed server was home to more than 419 million records and dozens of other databases on Facebook users.
New Facebook data leak:
— F-Secure KEY (@FSecureKEY) September 5, 2019
The database was spread out across geographies, including 133 million records of U.S.-based Facebook users, 18 million records of UK users, and another with more than 50 million records on users in Vietnam.
What else got leaked?
The data records contained both the Facebook ID unique to every Facebook user and their phone number, which was linked to that account. What’s ironic is that on April 4, 2018, Facebook announced that it was making changes to ‘better protect their user’s information by limiting people from having any access to this data.
In that statement, Facebook also said ‘we know we have more work to do’ and with this massive data leak, it clearly shows that there’s a lot the social media giant has to work on.
The social network claims that following the Cambridge Analytica scandal in March 2018, the company shut down that search tool in April 2018.
An investigation done by TechCrunch revealed that some of the records in these unsecured databases also contained the ‘user’s name, gender, and location by country.’ This goes to show that Facebook is covering up some gruesome details of the leak as to not instigate public criticism of the company.
Security experts’ opinions on the Facebook data leak
Jake Moore, a cybersecurity specialist at ESET, says that:
It seems crazy that personal data of this magnitude could be on a server unprotected in 2019, but this just highlights how data gets forgotten about, and mistakes can happen.
Ethical hacker John Opdenakker says that:
In general, it’s best not to provide your phone number to online applications, period.
While it’s true that several services, these days, require users to submit their phone numbers for password reset or to enable two-factor authentication (2FA), it also serves as means to exploit those users later on.
It’s also important to realize that SIM-swapping attacks are on the rise in numerous countries, which is why it’s essential to secure your phone number as much as possible.
Tell me again why you’re still on Facebook?https://t.co/Z6dvfLwQrr
— Daniel Denning (@danielKdenning) September 5, 2019
Source: Forbes, TechCrunch