Several databases containing records of over 419 million Facebook users were found on an unprotected server, leaving them accessible to anyone. The discovery was made by security researcher Sanyam Jain, who reported it to TechCrunch. Early indications suggest 18 million UK users and 133 million US accounts are affected in the social media company’s latest data breach.
What information was exposed?
The exposed server, which was not secured by a password, contained unique Facebook IDs and the phone numbers listed on the accounts. In some cases, the records included the user’s name, gender and location by country.
A Facebook spokesperson, in response to the breach, said, “This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers.”
“The data set has been taken down and we have seen no evidence that Facebook accounts were compromised.”
However, this leak leaves millions of users at risk of SIM-swap attacks and spam calls. Hackers with access to personal information such as phone numbers can intercept passcodes sent to the number for two-factor authentication logins. The Facebook ID can also be easily used to find out an account’s username.
“It’s really disappointing to see an organisation be so negligent with the care and security of its users. On the one hand we see Facebook attempting to convince users that it takes their privacy seriously, whilst in reality their actions or rather inactions in this case suggest that they really couldn’t care less,” says Jamal Ahmed, lead Privacy and GDPR compliance consultant for Kazient Privacy Experts.
This is not the first data breach Facebook has been involved with in recent years, although it is the biggest yet. In early 2018, it was revealed that Cambridge Analytica harvested the personal data of 87 million Facebook users without their consent for political advertising. More recently, the private data of 49 million users was leaked when Facebook’s Instagram service was exposed to a data breach.
Facebook’s recent attempt at dealing with issues surrounding its data practices has included a one-week privacy pop-up café initiative in the UK to help people with their privacy settings.