Incidents

Are you a Facebook user? Your phone number is now exposed, even if you keep it private

Over the last year Facebook has committed multiple users’ privacy breaches, and this will not stop. Data protection specialists now report that the social network has leaked phone numbers of around 420 million users. Despite the company’s efforts to improve perception of its privacy policies, the situation does not seem to improve.

The database where phones linked to users’
accounts were stored was discovered online without any protection, such as a password.
In other words, anyone who knows where to look for this information could
easily find it. Based on phone numbers, most of those affected appear to be
originally from places such as the United Kingdom, the United States and some
Asian territories.

In addition, the database stored the Facebook
ID key corresponding to each phone number, even though the same company
announced a number of changes to restrict access to this information and fully
protect the identity of users. In the end, it seems that the changes had no
real effect.

To make the situation even worse, data protection experts mention that in addition to this information, some of the records in the database stored other sensitive details about users, such as names, gender, and location data. So far it is not known which company is responsible for this leak; “the only thing we can say is that the compromised server doesn’t belong to Facebook,” the experts added.

After the specialized platform TechCrunch revealed
the incident, a Facebook spokesperson mentioned that this information is out of
date: “It’s a database even prior to our new mobile phone data protection
policy,” he said. In addition, the representative of the social network
confirmed that access to the exposed database had already been disabled and
denied the existence of evidence of improper access to any Facebook account as
a result of this incident, although he could not deny that this is a still
latent risk.

The company is trying to reduce the impact of
this incident by sending security notifications for millions of users and
claiming that the actual number of affected users is around 200 million, as the
database contained duplicate records. However, data protection experts have
denied this version, ensuring that, after intensive analysis, no evidence was
found that duplicate data is available.

Facebook has made very serious mistakes on
privacy issues over the past year. In January 2019, the company confirmed that
it mistakenly stored millions of unencrypted Instagram
passwords. A couple of months later, the company revealed that, due to a
technical error, millions of children using Messenger Kids could enter any
group chat without any parental restrictions.

Data protection experts from the International
Institute of Cyber Security (IICS) believe that the best way to avoid these
incidents is to limit the amount of information we provide to social media
platforms. However, this can be counterproductive, as services like Facebook
require a phone number to implement multi-factor authentication, which adds one
more layer of security to our online profiles, so it is up to users to implement
or not their phone number on these services.

To Top

Pin It on Pinterest

Share This