Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Facebook Security

Facebook Says It's Your Fault That Hackers Got Half a Billion User Phone Numbers (vice.com) 65

A database containing the phone numbers of more than half a billion Facebook users is being freely traded online, and Facebook is trying to pin the blame on everyone but themselves. From a report: A blog post titled "The Facts on News Reports About Facebook Data," published Tuesday evening, is designed to silence the growing criticism the company is facing for failing to protect the phone numbers and other personal information of 533 million users after a database containing that information was shared for free in low level hacking forums over the weekend, as first reported by Business Insider. Facebook initially dismissed the reports as irrelevant, claiming the data was leaked years ago and so the fact it had all been collected into one uber database containing one in every 15 people on the planet -- and was now being given away for free -- didn't really matter.

So instead of apologizing for failing to keep users' data secure, Facebook's product management director Mike Clark began his blog post by making a semantic point about how the data was leaked. "It is important to understand that malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019," Clark wrote. This is the identical excuse given in 2018, when it was revealed that Facebook had given Cambridge Analytica the data of 87 million users without their permission, for use in political ads. Clark goes on to explain that the people who collected this data -- sorry, "scraped" this data -- did so by using a feature designed to help new users find their friends on the platform.

This discussion has been archived. No new comments can be posted.

Facebook Says It's Your Fault That Hackers Got Half a Billion User Phone Numbers

Comments Filter:
  • They're not wrong... (Score:5, Interesting)

    by Anonymous Coward on Wednesday April 07, 2021 @10:44AM (#61247148)

    Hear me out, it really isn't, if you think about it:

    1) It's not Facebook's fault you voluntarily signed up and created an account on their platform
    2) It's not Facebook's fault you didn't spend 5-10 minutes going over the privacy settings and limited access
    3) It's not Facebook's fault the average user is an idiot that doesn't bother to read the ToS where they basically say "Yah, this is free, but we can do whatever we want with what you share openly, unless you tell us not to".

    It's honestly getting tiresome to read stories about 'hackers', when what really happened is someone took the time to scrape the publicly available data freely given by the users. At what point do we stop coddling the average end-user stupidity and just plainly state "Yah, it's out there, but it's your fault because you were a dumbass.".

    • True. Scraping the Web for what is out there, for the asking, is never the fault of the grabber, who isn't a 'hacker' by common definition.

      It's a security lapse, and only FB to blame. Funny, at work, we have three network and data security teams; One internal, we control access and do not trust anyone; One external, of course we keep the rats out; And one, testing and challenging the other two, always. So far we've been fairly successful, so far as I can tell. But that third team should be at FB et al, cons

      • Facebook: "A client, who paid us for the privilege, collected some of our product - the mountains of data we collect on any poor sheep foolish enough to stumble by for sheering. Nothing to see here, move along."
    • by dstwins ( 167742 ) on Wednesday April 07, 2021 @10:56AM (#61247226) Homepage

      True.. and yet, its their fault for even collecting this information in the first place.. If the data wasn't there, then there would be so little reason to "scrape" facebook.. So while the users are to blame for USING facebook (something no sane person should).. Its facebook's fault for collecting information that should not be there.. the only thing that should be REQUIRED is an email address (For validation and feedback), a username and an password of some sort.. EVERYTHING else should NOT be collected.

      Banks have to collect some information simply because of the moronic laws we have.. So when they get hacked.. well.. its bad.. but something like facebook.. (which by all rights should not even exist).. I mean seriously???

      • Collecting and exposing contact data to the right people was actually the original purpose of Facebook.

        I would love a straightforward reliable service that allows my friends to securely update and expose their address info, contact info, etc. without me having to manage that in my own contacts list. Facebook has obviously become something different entirely, but technically that original purpose is still there.

    • You didn't have to pay the Mob "Protection" money. So it is your fault if "something would happen" to your home/business if you didn't pay up.

      If you did pay "Protection" money, and something happened, the Mob isn't going to take responsibility, because you can't prove it was from them anyways.

    • by hey! ( 33014 ) on Wednesday April 07, 2021 @11:38AM (#61247430) Homepage Journal

      You're assuming Facebook tracking is limited to Facebook users. It's not. Facebook tracks non-subscribers who visit third party sites that use Facebook services too.

    • You know what they say, "Fool me 286 times, shame on you. Fool me 287 times, shame on me." Anyone who still has any information on Facebook that they don't consider public knowledge deserves what they get. Time to switch to an ad-free alternative like MeWe [mewe.com].

    • You used to be able to search for phone numbers on facebook, and it would return the person who had that number, even if they chose to hide their phone number in the privacy options.

      • Why did anyone ever give Facebook a phone number? It's not required in order to use the service.

        • I many cases they didn't. A relative or friend shared their contacts with Facebook and now they have it anyway.
          • And this should be a felony. My phone number is public information. It is attached to my name and address. I'm fine with that. I gave the phone company permission to publish that information in the phone book. I didn't give Facebook my permission to attach my phone number to my IP address or my alias. That was the point of making an alias. Making these connections that are intended to be private is like reaching into my open window and pulling back the curtains to watch me take a shower.
        • I use FB for exactly one special interest car group.

          When you log in, it tells you to secure your account by adding your phone number. Every. Single. Time.

    • Opting out of bad security defaults should not be required.

    • I had a Facebook account shortly after they started up. After a half-dozen or so times of them unilaterally and without warning changing my previously-selected privacy settings to permit additional data sharing, I called it quits. That bad behavior of them modifying users’ privacy settings without consent or warning continued for a few more years after I left. Didn’t matter what setting the user had set, Facebook would suddenly opt them in to sharing that data.

      A few years after I left, it finall

    • My privacy settings on Facebook are all carefully set and periodically reviewed. My phone number is not visible to the public and never has been. So when I see that it is included in the database, it makes me wonder, if the data was only from publicly available information scraped from FB, how did they get my phone number?

    • by sjames ( 1099 )

      It's not Facebook's fault people got confused when they asked should we not not not not not not share your data? And in small grey print on a separate page: you did want to make an exception for our affiliates (by which we mean anyone who gives us a dollar), right?, and finally you should have seen the bit in 2 pt. font on page 37 that said "Oops, we had our toes crossed".

    • panem et circenses
      i will inform my grandma that she's been a naughty negligent girl and she needs an urgent crash course in social engineering at Mitnick industries ... Markymark said so , so it must be true
  • by Anonymous Coward

    So now hackers have Jenny's number (867-5309) too? Hardly a big deal. I got her name and number off the (bathroom) wall.

  • If you use social media, it's partly your responsibility to "keep your data safe" or just not provide it.

    That being said, there is a pretty high level of responsibility for the platform provider. Especially if the data you provide to them is "required" for participation on their platform.

    Let the Class Action lawsuits commence. Please don't forget about the poor lawyers who need every last percent of any court awards. /s

  • by OzPeter ( 195038 ) on Wednesday April 07, 2021 @10:54AM (#61247216)

    I have never explicitly given my phone number to FB, even though they keep asking for it in order to help protect my FB account.

    But given that FB likes to create shadow profiles of non-FB users, is it also likely that they have already have my phone number associated with my FB account because they like to play connect the dots?

    • by NateFromMich ( 6359610 ) on Wednesday April 07, 2021 @11:09AM (#61247294)

      I have never explicitly given my phone number to FB, even though they keep asking for it in order to help protect my FB account.

      But given that FB likes to create shadow profiles of non-FB users, is it also likely that they have already have my phone number associated with my FB account because they like to play connect the dots?

      They probably have your phone number. All you need is one idiot that has your phone number in their contacts and you're screwed, because Facebook asked them for access to that, and you know they clicked "Ok".

      • Exactly. I've never had a Facebook account, but I sat and thought about what they had in my dossier anyway.
        They certainly have my name, address, phone number from all my family members who gave them access to their contacts.
        They certainly know all my familial relations for the same reason.
        They have my picture, because of the family sharing photos annotated with names
        They know a lot about me from the website tracking they do (my wife complains when I block Facebook domains at the router, because, you know,

        • And I thought that getting on board Musk's first starship going to Mars wouldn't be a bad idea.

          Lol, I've been thinking that as well. I doubt he'd need a broke, middle aged, overweight dude on Mars though.

    • by Tablizer ( 95088 )

      I have never explicitly given my phone number to FB, even though they keep asking for it in order to help protect my FB account.

      It's often the case companies invent reasons to collect as much personal info as possible. There is often half-truths behind their reasons, but a large quantity of half-truths should add up to a full-ass lie in court.

  • It is our fault (Score:5, Insightful)

    by MobyDisk ( 75490 ) on Wednesday April 07, 2021 @10:57AM (#61247230) Homepage

    He is right in one way: it is our fault for giving this company information. Facebook's business model is around gathering personal information and selling it to advertisers, political groups, and anyone who will pay for it. Are people really going "OMG! The company that made an app that takes my information and sells it, took my information and sold it!" Heck, the CEO of this company told us that the expectation of privacy is no longer a social norm. [theguardian.com] Facebook's app lied about the API version it used to trick Android into letting it access people's contact information [androidpolice.com].

    This is a case of "I never thought leopards would eat MY face," sobs woman who voted for the Leopards Eating People's Faces Party.

    Slashdot does not require my real name, my phone number, my gmail account, or an app installed on my phone. I trust Slashdot will not not leak my data -- not because they are good people who I trust -- but because I didn't give it to them.

    • "OMG! The company that made an app that takes my information and sells it, took my information and sold it!"

      I agree with you, but technically FaceBook didn't sell it this time. ;-) This time someone "stole" it from FaceBook. I put that word in quotes because I'm not sure which gray area of the law it may fall into, how gray it is, etc. I imagine the "hackers" needed to create FaceBook accounts, and then wrote scripts using those accounts to scrape as much data as possible using those accounts, which almost

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      lest we forget that Facebook was not created with a business model "around gathering personal information and selling it to advertisers, political groups, and anyone who will pay for it" - it started basically as a dating website for college kids AND THEN made moves to do what you said after it had already established popularity and dominance in the space. and it is important to remember that dirty move they made.

      • by tlhIngan ( 30335 )

        lest we forget that Facebook was not created with a business model "around gathering personal information and selling it to advertisers, political groups, and anyone who will pay for it" - it started basically as a dating website for college kids AND THEN made moves to do what you said after it had already established popularity and dominance in the space. and it is important to remember that dirty move they made.

        No, it was not a business at first. However, Facebook was created to get users to give it as mu

    • . Facebook's business model is around gathering personal information and selling it to advertisers, political groups, and anyone who will pay for it.

      Facebook, like Google, generally don't want to sell that information. They would like to sell advertising based on that information but never let anyone see it. It's too valuable.

  • Facebook is simply managing inventory. They have no customer base, except for advertisers.

    You cannot expect them to treat you like a human being, and offer the most basic courtesy of not peeing in your Coke and telling you it's lemonade.

    • Yes, but you need to remember that we are the people who buy or don't buy the stuff in the ads, so the money does ultimately come from us.

      • Or, Facebook's advertising is utterly ineffective and the money comes from people who found the product by other means. Without access to accurate analytics data you can't really be sure.

  • or at least I never gave them my phone number. I never to unless I have to, and I always ignore the reminders to give them my #.

  • Trying to smear everyone else for their crap behavior.

  • we didn't even *try* to protect your data.

  • ... that they exposed the data, but Facebook is not taking responsibility for exposing that data because the exposure was intentional and by design, i.e., "a feature designed to help new users find their friends on the platform?"
  • It's our fault for giving the Facebook our phone numbers in the first place. I didn't. STBY, Facebook.

  • What if your bank told you that your money was missing and that it wasn't a security problem?
    Instead, the robbers violated the terms of service and removed your money from the table in the front lobby.
  • They claim they are secure.

    That claim has been shown to be false.

    They blame the users for using their (not so secure) system.

    In other words they are trying to absolve their liability.

  • You would think that after all these years companies, and people, would have learned that saying that the victim is a fault for giving their information to a company, coming to a complete stop at a stop sign, wearing a short skirt, etc. is not going to do anything but piss off people.

    If Facebook had just admitted they messed up, alerted those effected and apologized it would have blown over fairly quietly, probably just a couple of law suits to settle for pocket change at worst, but most people would never

  • You want to know me better Then do not wait and copy the link and call me. Just be =>> http://bit.do/user6731 [bit.do]
  • Comment removed based on user account deletion
  • So now that hackers have my phone number, what are they going to do with it? Give me a call? Sell it? How is this any different from what Facebook has already done in the past?

  • The infamous quote from Zuckerberg. He said people who handed over their data are dumb phucks.
    https://www.esquire.com/uk/lat... [esquire.com]
    But really, how many hacks, breaches, pwnd accounts, security fails does it take you to stop mindlessly throwing your personal info online? at this point, nobody has any simpathy for you...
    • This only applies to the Dumb F****"s that actually created Facebook accounts. The shadow profiles that FB creates in lieu of an actual user-created profile have a significant amount of info about web denizens, much more than most would be comfortable with. I, for one, am very much unhappy with a 3rd party collecting massive amounts of information about me, without my express or even implied consent, and then having them lose it.
  • Not because they hacked into Facebook, but because Facebook deliberately decided to publish all that data freely on the internet for everyone to collect, apparently without really telling you they would do that.

    So Facebook wasn't hacked and it wasn't their fault because it was a feature not a bug.

  • I’m not all that smart (yeah, I know, newsflash). Maybe in the top 30% but nowhere near the top 10%. I’m a software developer so statistically I’m near the top third or so, but that one skill is where my mental horsepower ends. I don’t creat new algorithms, I mostly use known ones. Despite not being of elite cognition, I, like you, don’t use Facebook for the reasons you all have discussed. But does that mean those of lower intellect deserve no empathy?

    So you’re all sma

Real Programmers don't eat quiche. They eat Twinkies and Szechwan food.

Working...