TechCrunch reports that more than 419 million Facebook IDs and phone numbers were stored on online servers that were not password protected. The dataset includes 133 million records for users in the US, 18 million in the UK and 50 million in Vietnam. The database was taken offline after TechCrunch contacted the web hosting provider.
Facebook confirms this is true and is investigating when the database was collected and by whom. A company spokesperson also confirmed that the actual number "is only" approximately 210 million, because the 419 million records contain a lot of duplicate data.
Facebook emphasizes that the exposed data is "old" and may have been collected before the policy changes in April 2018. The social network found no evidence of Facebook accounts being compromised. It seems that the data was collected using a tool that Facebook disabled in April 2018 after the Cambridge Analytica scandal. Prior to that time, Facebook allowed anyone to search for users by their phone number.
The spokesperson did not answer the question of whether Facebook will notify users whose phone numbers were leaked or provide any remedy for those affected.
Facebook's position that the data is "old" is unreasonable, because the data is inextricably linked to users and potentially risky. Although phone numbers are not as sensitive as identification numbers, they are important identifiers that can be used to obtain other personal or family information from online brokers.
Experienced attackers can even use phone numbers, together with information obtained from brokers or social networking sites (such as home addresses, family members, etc.), to persuade the network provider to transfer the victim's phone number to another phone.
The most recent and most famous victim of this attack is Twitter CEO Jack Dorsey. His Twitter account was attacked by a group of hackers who seem to have gained control of his phone number. On September 4, Twitter announced that it had temporarily disabled the ability to send tweets via SMS due to a flaw that needs to be addressed by the network.