Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Facebook Privacy Security Social Networks

A Huge Database of Facebook Users' Phone Numbers Found Online (techcrunch.com) 36

Hundreds of millions of phone numbers linked to Facebook accounts have been found online. TechCrunch: The exposed server contained over 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam. But because the server wasn't protected with a password, anyone could find and access the database. Each record contained a user's unique Facebook ID and the phone number listed on the account. A user's Facebook ID is typically a long, unique and public number associated with their account, which can be easily used to discern an account's username. But phone numbers have not been public in more than a year since Facebook restricted access to users' phone numbers. TechCrunch verified a number of records in the database by matching a known Facebook user's phone number against their listed Facebook ID. We also checked other records by matching phone numbers against Facebook's own password reset feature, which can be used to partially reveal a user's phone number linked to their account.
This discussion has been archived. No new comments can be posted.

A Huge Database of Facebook Users' Phone Numbers Found Online

Comments Filter:
  • Sure, Facebook (Score:4, Interesting)

    by Empiric ( 675968 ) on Wednesday September 04, 2019 @03:21PM (#59158558)
    I took Facebook's "Add your phone number to secure your account" recommendation as seriously as their implying that the other "privacy settings" controls were actually hooked up to anything on the back end, as far as mass-selling of my data to whoever wants to buy it was concerned.

    And here we are.
    • Fallacy step one... using the terms "facebook" and "secure" in the same sentence and assuming they relate to you in the slightest.
      "Your Privacy" is a notion contrary to their business model of selling information about you. It's really that simple.
    • I took Facebook's "Add your phone number to secure your account" recommendation as seriously as their implying that the other "privacy settings" controls were actually hooked up to anything on the back end, as far as mass-selling of my data to whoever wants to buy it was concerned.

      And here we are.

      I bet that unclear thing is going to get moderated "insightful" on the first post effect.

      My obvious querulous comment about the story: What I was looking for was a way to check to see if I was included.

      Yes, I know it's tricky to do it in a secure way. Maybe search on 1/3 of a user name against 1/3 of a possible phone number? Then you would need some sort of identity check to confirm you were actually one of the candidates and not some hacker trying to scrape more phone numbers...

      Or maybe it would be suffici

      • Does Facebook have your phone number? Then you're pwned. (Probably)

        113 million Americans is about half the adult population. That seems like a reasonable upper bound on the number of people who would have a Facebook account and tie it to a phone number. I don't see any reason to believe the fraction of phone numbers leaked in this database is less than "all of them".

        • by shanen ( 462549 )

          I'm not in the States, but I still agree with the premise of your first paragraph.

          I actually think 2-factor identification is, in theory, a good thing. In practice, Facebook. Checking on my phone, I also see the google, LinkedIn, something unknown (and some I prefer to skip), WhatsApp (and another app of that type), some store, Apple, and... Any or all of them might get hacked, or maybe the phone company in between.

          I think the question of how to tell if your personal information has been stolen is actually

      • by Empiric ( 675968 )

        Sorry if I ruined your day.

        For what it's worth, my sig is both more unclear, and more insightful.

    • Yeah, ditto Google. I just lost access to a gmail account because, even though the recovery email account worked fine, *they still needed a valid mobile number for my safety*.

  • Those used to be delivered to people's doorsteps. Is that considered bad now?

    IMHO it's good Facebook leaked it. I'd rather that data be public, than a Facebook monopoly.

    • With the old phone books, opting out actually worked.

      • You had to pay to be unlisted. At least that's how it was with Bell Atlantic back in the day.

        • No, we didn't pay for unlisted in college - we listed the number in a fictitious person's name.
          The name was frequently a mnemonic, when a friend asked for your number you could say a "name" that was VERY easy to remember, they could call 411 for it. Yea, 411

          Oh well its Facebook today. Makes me have fond memories.

          "Back in the day" you didn't show id to get a phone line.

    • by Empiric ( 675968 )
      Yes, it is considered "bad" to have your phone number distributed without your consent, and has been for a long time.

      https://en.wikipedia.org/wiki/... [wikipedia.org]

      Historically access to this information has been controlled to a limited group that "needs to know" (police, emergency services, etc.). Nowadays, people just use Google to do reverse lookups. But in that case, as far as I'm concerned, someone who calls you (spammer, marketer, or otherwise) implicitly consents to you knowing who they are.
      • Bullshit. In the early *cell phone* days people didn't want their *cell* numbers listed due to unlimited calling not even being available, never mind affordable. Almost everyone had access to your land line number and almost nobody gave a flying fuck.
      • No, historically it was "controlled" by charging a high sticker price for the book.

        When I was a teenager and was washing mobile homes as a part-time job, we would just go the library to use the book. Competitors sometimes ripped out the pages for the mobile home parks they focused on, but we'd just use an older year for those parks and most of the numbers were the same.

        And still, having to know where books are kept, and how to look them up, and how to read and all that, most competitors didn't use it. There

    • by skids ( 119237 )

      Is that considered bad now?

      It is if you can use the alleged "phone number" to reset someone else's account password.

      (Which reminds me, remember back in the days when there were online reverse phone lookups that didn't run you around a maze of advertising windows and try to get you to sign up for a premium account?)

      • I hate those 'services'. They fuck with you and try to milk you dry and then punch you in the face by saying "you must pay to view this listing". They even have fake "searching data bases" status bars to waste your time. I wouldn't give those assholes my CC# anyway. Anybody who resorts to those tactics are more than happy to sell your info to identity theft rings.
  • At what point will posting things online being "exposed" stop being news? Hint: there is no "on line" security.
    • At what point will posting things online being "exposed" stop being news? Hint: there is no "on line" security.

      I think that's a defeatist attitude. Sadly true as things stand, but are you unable to imagine any solution approach?

      I can. Simply agree that your personal information belongs to you. Unauthorized possession of your personal information becomes a crime, no matter what the reason. Any business possessing a million people's information without their permission is charged with a million counts. It doesn't matter if the affected people are ignorant of the unauthorized possession because it would already be a cr

      • And yet the suits don't get to go to jail. At most, it will be lower level employees because they have "fall guy" in their unwritten job description.

          Of course, we need to continue to let them lock us up (our devices) because they are Trustworthy,

    • Exactly! That's why nobody ever does any banking online.
  • Personal information should be worth more than a music track.

    Start privacy fines at $20,000 per person and levy the fines against the top 100 shareholders and then see how corporate policy changes.
  • I don't have 2-factor on my FB account, I figure the less data they have the better. But once upon a time I did accidentally sync my addressbook with FB --- so everyone's phone# might be out there now !! :-)

  • Just another reason to Fuck the Zuck. Preferably with a large broom handle covered in fish hooks and smothered in Smack My Ass & Call Me Sally (https://www.delish.com/food/g27320819/hottest-hot-sauces/ ).Might want to add some sandpaper, salt, and alcohol to the mix.
  • Well, you deserve what you get. ANY time a website, other than work, bank, doctor etc...wants my phone number, I give them my OLD landline number, which I dropped about 2001.
  • So now anyone with this database knows just which phone number to "borrow" to take over an account with 2FA enabled.
    This means that 2FA has just been rendered moot to anyone able to break into your account primary password/security questions/linked e-mail account.
    Sweet!

  • Hey, how about we set up a Kickstarter to fund a robocall campaign to call everyone on that database & play them a message in the voice of Mark Zuckerberg? Whaddaya think? What message should we play to them?
  • And is full of bogus information.

    Fuck them.

  • for research purposes, of course

Genius is ten percent inspiration and fifty percent capital gains.

Working...