Facebook is at the centre of yet another data privacy issue, this time it affects over 400 million of their users across the globe. An unprotected server was accessed by a security researcher who was able to find the users phone numbers linked to their unique Facebook ID’s. Some records actually showed the users' name, gender, and location.
The database was found by Sanyam Jain, a security researcher. He wasn’t able to find the owner of the server, so he notified TechCrunch, a well-known tech website. They requested the removal of the database from the web host, which was done quickly. Afterwards, Zack Whittaker, TechCrunch Security Editor, published a detailed coverage of this data leak.
It is still unknown who published the database and it has evidently now been scraped from Facebook. A spokesperson for Facebook has said, “This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers.”
They continued to say that, “the data set has been taken down and we have seen no evidence that Facebook accounts were compromised.”
The Facebook spokesperson has also suggested that the number of affected users was way less than 419 million due to duplicates. However, the TechCrunch reporter wasn’t reassured by this statement.
Funny how Facebook says a lot of the exposed user phone numbers are "duplicates". https://t.co/l3cYljh3Wu
A spokesperson told me background that only 217 million are affected. But that's just one database — see below. There's a lot more data — and little evidence of duplication. pic.twitter.com/f0AFecUS2y
— Zack Whittaker (@zackwhittaker) September 5, 2019
When asked to comment on the situation, Alun Baker, CEO at MacKeeper, the creators of MacKeeper said, “Facebook’s response to their latest data breach shows once again that they are more focused on denial and their own personal reputation than the reputation and security of their customers.”
He continued on to say, “looking at the high-profile data breaches this year, it is fair to conclude that consumers are under as big a threat from incompetent or irresponsible corporations abusing their data as they are from direct personal cyberattacks. Furthermore, we see this worrying trend that companies do not seem to ever stand in their customers' or consumers’ shoes and look at the potential damage such breaches can have in the lives of the victims (their customers). The claims by many of these companies that they are customer-centric are starting to sound particularly hollow.”
How might the leaked data be used?
As the server wasn’t secured with a password, any skilled internet user could discover and download the data. The database had phone numbers linked to Facebook IDs, which made it easy to reveal the respective usernames.
Had this data that included a huge list of phone numbers, fallen into the wrong hands, it could have had serious consequences for the affected Facebook users. Online pirates and hackers could easily have used the data maliciously in order to control the leaked phone numbers and access any of the users’ associated online accounts.
If you want more information on data breaches and how they really work, read the in-depth article on that subject, that we recently published.
Have data leaks like this happened before?
Yes and unfortunately data breaches like this aren’t uncommon. Facebook and the services that it owns, such as Instagram and WhatsApp, have found themselves at the centre of privacy scandals on numerous occasions. Check out the timeline below and you’ll see when the biggest leaks or data breaches took place.
How can you protect your data?
Your data is really valuable and although it’s not always possible to be 100% protected, there are measures you can take to seriously reduce the likelihood of your data being leaked or stolen.
We’ve developed two privacy tools that can help you to protect your personal data and block covert trackers from watching your online habits.
ID theft Guard – this tool can monitor your email addresses and send you immediate alerts if your data is at risk. It can even secure your email accounts if there is suspicious activity.
StopAd – another useful tool from MacKeeper could also be useful. It’s a browser extension for Google Chrome and Safari that can block ads and stop trackers from following your online behaviour.
Check them out today and make sure that your data is kept secure.