The phone numbers associated with over 400 million Facebook accounts were exposed online in the latest privacy dilemma for the social media giant. 

TechCrunch reported on Wednesday that an exposed server storing 419 million records was found online - 133 million belonging to U.S. users, 50 million Vietnamese users, and 18 million U.K. users. This server was not protected with a password, meaning anyone could access the database up until late yesterday evening once the host took down the site.

Each record contained a user's unique Facebook ID and phone number associated with the account. The users Facebook ID is a long, unique public number associated with the account. But users phone numbers have not been public since access to users' phone numbers was restricted in 2018 following the Cambridge Analytica scandal

Facebook has confirmed that there is some truth to these allegations but has noted that the number of accounts so far confirmed is less than half of the reported 419 million and that the majority of the data was old and contained duplicates. 

Facebook's latest data breach is a textbook example of the issue with storing data online, publicly without password protection. While data exposure is often linked to human error rather than malicious in nature, data exposures such as this put millions of users at risk for spam calls and SIM-swapping. SIM swapping involves tricking cell phone carriers into giving a person's phone number to an attacker which enables the attacker to force-reset passwords on any internet accounts linked to that phone number. 

This technique was recently carried out by the hacker group Chuckling Squad to hijack Twitter CEO Jack Dorsey's account and tweet offensive messages and declare a bomb threat. The tweets have since been removed and Twitter has temporarily disabled the feature that allows users to post tweets via SMS. 

 

NNT Suite of Products

change tracker gen7r2 logo

Combine industry leading Device Hardening, File Integrity Monitoring, Change Control, Configuration Management & Compliance Management into one easy to use solution that can scale to the most demanding environments!

fastcloud logo

Automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology) Integrity Assurance.

log tracker logo logo

Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds.

vulnerability tracker logo

Continuously scan and identify vulnerabilities with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

USA Offices
New Net Technologies LLC
Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
Atlanta
1175 Peachtree St NE
Atlanta, Georgia, 30361.
Portland
4145 SW Watson, Suite 350
Beaverton, Oregon, 97005.

Tel: (844) 898-8358
email [email protected]
UK Office
New Net Technologies Ltd
Rivers Lodge, West Common
Harpenden, Hertfordshire
AL5 2JD

Tel: 01582 287310
email [email protected]
CIS benchmarking SEWP Cybersecurity 500Sans Institute Now Certified
Copyright 2019, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.