Attackers posted on the Internet a leaked database with information about the phone numbers of millions Facebook users.The discovered server contained databases with data from more than 419 million users from different countries, including from the USA (133 million), Vietnam (50 million), and Great Britain (18 million). Since the server was not password protected, anyone could access the databases, TechCrunch reports.
Each entry contained a unique account identification number and a phone number associated with it. In some cases, the username, gender and country of residence were also indicated.
Facebook confirmed this information and said it was investigating when and by whom the database was compiled.
“However, the actual number of users whose information was disclosed was approximately 210 million, 419 million records were due to duplicates”, – said a company representative.
According to experts, the disclosed user data can be used either by cybercriminals to send spam, or for the SIM-card swapping technique (SIM-swappping). Using a phone number, the criminal can reset the password of any Internet account associated with the number.
The records were likely amassed using a tool that Facebook disabled in April 2018 in the aftermath of the Cambridge Analytica controversy. The revelations showed how Facebook’s lax approach to privacy had allowed a political consultancy to obtain personal information from tens of millions of profiles.
“This data is outdated and contains information obtained before last year when we made changes to disable user’s option to find others by their phone numbers. The data was deleted, and we did not find any evidence that the Facebook accounts were compromised”, – Facebook representative commented on the situation.
Despite the fact that Facebook characterizes the data as “old”, phone numbers are becoming an increasingly important key to the person and source of potential vulnerability.
Although the leakage of a telephone number is not as sensitive as social security numbers, they are important identifiers that can be used to quickly obtain significant amounts of personal information about a person and his family.
User Review( votes)