Can Facebook’s privacy problems get any worse? The latest data breach for the social network saw the leak of the phone numbers of hundreds of millions of Facebook users. If you registered your phone number on your Facebook account, then it’s probably out there too.
A security researcher recently found 419 million records on an unsecured server. This means that one needs no password to access them.
Of this number, about 18 million phone numbers were from Facebook users in the United Kingdom. Meanwhile, a whopping 133 million phone numbers were from American accounts.
Do you think that’s bad enough already? Well, it gets worse. The records found didn’t only contain Facebook users’ phone numbers. The researcher also found users’ Facebook identification, which can be used to discern a person’s Facebook username.
Sanyam Jain is the security researcher who first reported the database to the TechCrunch website. According to Jain, some of these records included the person’s gender and location details.
The latest scandal is extremely severe. However, security experts said a succession of previous Facebook data breaches should not detract from it. If you’re concerned about the latest leak, you can find out how to remove your phone number from Facebook HERE.
Is your Facebook information really safe?
Richard Walters, the chief technology officer of Censornet, spoke to The Independent on this matter:
“With 419 million phone numbers exposed, the volume of this data leak is huge. These details provide cybercriminals with a head start for carrying out fraudulent activity and identity theft… It is unacceptable for companies to suffer data leaks in this way. Once again, Facebook has let its users down.”
Apart from their passwords, many users rely on their phone numbers as another layer of protection. However, one way the phone numbers could be exploited is through so-called SIM-swap attacks. To do this, hackers intercept passcodes sent to the numbers for two-factor authentication logins.
Then, after doing this, they can break into Facebook users’ personal accounts. Hackers can also view their private messages or hijack the user’s posts. They could also intercept one-time passcodes to break into any number of personal accounts.
Facebook users whose numbers were exposed will also be vulnerable to spam calls. Meanwhile, a security researcher warned that hackers could actually use the data to hijack someone’s phone. More shockingly, “the more a hacker knows about you the more powerful they are.”
Dmitry Kurbatov, CTO of Positive Technologies, told The Independent:
“For instance, if he has information like name, surname, phone number, birth date, id number – this would probably be enough to impersonate you to your mobile carrier. Then he can ask to set up call and SMS forwarding or to swap the SIM. Essentially, from there, the number is hijacked.”
Facebook said the phone numbers have now been taken down. The tech giant also claims there is no evidence that any accounts were compromised with SIM-swapping attacks.