This enormous breach, which exposed the phone numbers and unique account IDs of almost 1/5 of Facebook’s 2.3 billion users, was not the result of a direct hack. Databases containing scraped information about Facebook’s users were found on a server with no password protection or any other security in place, leaving them for anyone to find and access as if they were open source information.
The data seems to have been collected during a time before Facebook’s revocation of its developers’ ability to access users’ phone numbers in 2018 and, whilst the owners of these databases remained a mystery, they were quickly isolated and removed after the web host was notified of their existence.
Zack Whittaker revealed that multiple databases across several geographies included “133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and more than 50 million records on users in Vietnam.”
Even though Facebook has made many changes to its policies and processes to prevent such a data breach, this enormous breach adds to the pressure on the social media giant to better protect its users and their data. In addition to the very recent $5 billion fine, Facebook has also reportedly agreed to allow greater government involvement in how it manages its data. Even considering this, however, the conditions of the settlement don’t appear to limit Facebook’s ability to collect and share user data with third parties.
A breach of this kind represents a huge security risk for those affected, as SIM hacking remains an increasingly popular method used to commit identity theft and fraud. Not only that, but the 419 million Facebook customers were left susceptible to additional spam and cold call marketing.
Data hacks, breaches, and accusations of misuse don’t just happen to big brands like Facebook either; any company of any size that obtains and stores the personal data of its customers or users is at risk.