A Huge Database of Facebook Users' Phone Numbers Found Online (techcrunch.com)
Hundreds of millions of phone numbers linked to Facebook accounts have been found online. TechCrunch: The exposed server contained over 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam. But because the server wasn't protected with a password, anyone could find and access the database. Each record contained a user's unique Facebook ID and the phone number listed on the account. A user's Facebook ID is typically a long, unique and public number associated with their account, which can be easily used to discern an account's username. But phone numbers have not been public in more than a year since Facebook restricted access to users' phone numbers. TechCrunch verified a number of records in the database by matching a known Facebook user's phone number against their listed Facebook ID. We also checked other records by matching phone numbers against Facebook's own password reset feature, which can be used to partially reveal a user's phone number linked to their account.
Sure, Facebook (Score:4, Interesting)
And here we are.
Re: (Score:2)
"Your Privacy" is a notion contrary to their business model of selling information about you. It's really that simple.
Eh? And More obvious question (Score:2)
I took Facebook's "Add your phone number to secure your account" recommendation as seriously as their implying that the other "privacy settings" controls were actually hooked up to anything on the back end, as far as mass-selling of my data to whoever wants to buy it was concerned.
And here we are.
I bet that unclear thing is going to get moderated "insightful" on the first post effect.
My obvious querulous comment about the story: What I was looking for was a way to check to see if I was included.
Yes, I know it's tricky to do it in a secure way. Maybe search on 1/3 of a user name against 1/3 of a possible phone number? Then you would need some sort of identity check to confirm you were actually one of the candidates and not some hacker trying to scrape more phone numbers...
Or maybe it would be suffici
Re: (Score:3)
Does Facebook have your phone number? Then you're pwned. (Probably)
113 million Americans is about half the adult population. That seems like a reasonable upper bound on the number of people who would have a Facebook account and tie it to a phone number. I don't see any reason to believe the fraction of phone numbers leaked in this database is less than "all of them".
Re: (Score:3)
I'm not in the States, but I still agree with the premise of your first paragraph.
I actually think 2-factor identification is, in theory, a good thing. In practice, Facebook. Checking on my phone, I also see the Google, LinkedIn, something unknown (and some I prefer to skip), WhatsApp (and another app of that type), some store, Apple, and... Any or all of them might get hacked, or maybe the phone company in between.
I think the question of how to tell if your personal information has been stolen is actually
Re: (Score:2)
Sorry if I ruined your day.
For what it's worth, my sig is both more unclear, and more insightful.
Public masturbation of 675968 (Score:2)
Z^-1
Re: (Score:2)
Yeah, ditto Google. I just lost access to a Gmail account because, even though the recovery email account worked fine, *they still needed a valid mobile number for my safety*.
Re: Sure, Facebook (Score:2)
So like a phone book? (Score:2)
IMHO it's good Facebook leaked it. I'd rather that data be public, than a Facebook monopoly.
Re: (Score:1)
With the old phone books, opting out actually worked.
Re: (Score:2)
You had to pay to be unlisted. At least that's how it was with Bell Atlantic back in the day.
Re: (Score:2)
No, we didn't pay for unlisted in college - we listed the number in a fictitious person's name.
The name was frequently a mnemonic, when a friend asked for your number you could say a "name" that was VERY easy to remember, they could call 411 for it. Yea, 411
Oh well, it's Facebook today. Makes me have fond memories.
"Back in the day" you didn't show ID to get a phone line.
Re: So like a phone book? (Score:2)
Re: (Score:2)
https://en.wikipedia.org/wiki/... [wikipedia.org]
Historically access to this information has been controlled to a limited group that "needs to know" (police, emergency services, etc.). Nowadays, people just use Google to do reverse lookups. But in that case, as far as I'm concerned, someone who calls you (spammer, marketer, or otherwise) implicitly consents to you knowing who they are.
Re: So like a phone book? (Score:2)
Re: (Score:2)
No, historically it was "controlled" by charging a high sticker price for the book.
When I was a teenager and was washing mobile homes as a part-time job, we would just go to the library to use the book. Competitors sometimes ripped out the pages for the mobile home parks they focused on, but we'd just use an older year for those parks and most of the numbers were the same.
And still, having to know where books are kept, and how to look them up, and how to read and all that, most competitors didn't use it. There
Re: (Score:2)
Is that considered bad now?
It is if you can use the alleged "phone number" to reset someone else's account password.
(Which reminds me, remember back in the days when there were online reverse phone lookups that didn't run you around a maze of advertising windows and try to get you to sign up for a premium account?)
Re: So like a phone book? (Score:1)
ok, we get it (Score:2)
Solutions, please (Score:2)
At what point will posting things online being "exposed" stop being news? Hint: there is no "on line" security.
I think that's a defeatist attitude. Sadly true as things stand, but are you unable to imagine any solution approach?
I can. Simply agree that your personal information belongs to you. Unauthorized possession of your personal information becomes a crime, no matter what the reason. Any business possessing a million people's information without their permission is charged with a million counts. It doesn't matter if the affected people are ignorant of the unauthorized possession because it would already be a cr
Re: (Score:2)
And yet the suits don't get to go to jail. At most, it will be lower level employees because they have "fall guy" in their unwritten job description.
Of course, we need to continue to let them lock us up (our devices) because they are Trustworthy,
Re: ok, we get it (Score:2)
RIAA level fines (Score:2)
Start privacy fines at $20,000 per person and levy the fines against the top 100 shareholders and then see how corporate policy changes.
More calls from the IRS? (Score:2)
I don't have 2-factor on my FB account, I figure the less data they have the better. But once upon a time I did accidentally sync my address book with FB --- so everyone's phone# might be out there now !! :-)
Sigh (Score:1)
giving your phone number to FB? (Score:2)
The End of 2FA (Score:2)
So now anyone with this database knows just which phone number to "borrow" to take over an account with 2FA enabled.
This means that 2FA has just been rendered moot to anyone able to break into your account primary password/security questions/linked e-mail account.
Sweet!
Re: (Score:2)
Or maybe it forces them to use real 2FA and not a txt message? Like I dunno, one of the many apps available, or possibly the damn Google Authenticator?
Re: The End of 2FA (Score:2)
Kickstarter to robocall (Score:2)
And this is why my account has no phone attached (Score:2)
And is full of bogus information.
Fuck them.
magnet link anyone? (Score:2)