MILLIONS of Facebook users’ phone numbers are STILL available online – 24 hours after Facebook bosses promised all details were wiped from the web
- Millions of people continue to have phone numbers accessible on a live server
- Comes after site bosses assured people that all user information was deleted
- The publicly-accessible database puts them at risk of potential fraud activity
The privacy of Facebook users is still being compromised by an insecure server – less than 24 hours after the site claimed it had removed all traces of the personal data.
Millions of people continue to have their phone numbers on a live and publicly-accessible database, putting them at risk of potential fraud.
The newly-discovered server, which was identified on Thursday, is said to include the exact same information which was said to have been removed the previous day.
That was part of a now-defunct feature which allowed users to find each other by phone number, but was later disabled following the Cambridge Analytica scandal.
This latest issue is thought to be from publicly available information previously used to allow people to search for others by using their phone numbers.
The new server was found yesterday by Elliott Murray, CEO of cybersecurity company WebProtect, according to CNET.
They report that Murray was able to match multiple Facebook users’ phone numbers with correct names listed on the vulnerable server.
He claims it’s ‘almost certainly the same data’.
‘Databases of this scale don’t come often and it’s clear from the data contained that the two match,’ Murray said.
MailOnline has contacted Facebook for comment, but is yet to receive a response.
Earlier this week, TechCrunch revealed that 133 million US accounts, more than 50 million in Vietnam, and 18 million in Britain were among 419 million records left in an open online server that was not secured with a password.
This includes, according to the person who unearthed the database, profiles and phone numbers of some celebrities.
Facebook confirmed the report, but said the total number was likely to be around half because of duplicate entries.
As the database has now been taken offline, there is no way for concerned users to find out if their information was leaked.
Sites like HaveIBeenPwned are a good way of checking details against all known leaks, but are not a bulletproof method.
Kate Bevan, Which? Computing Editor, said: ‘Facebook has taken positive steps to tighten security since this breach but it will still worry users that millions of phone numbers could make it into the hands of criminals – leaving them open to being targeted by cold-calling, fraudsters and other scams.
‘If you’ve uploaded your phone number to Facebook at any point, it’s worth being extra-vigilant about calls claiming to be from tech support warning that your computer or router is compromised and other unexpected cold callers.
‘Facebook must also reassure users that their data is being properly protected following this confirmation.’
Following the 2018 Cambridge Analytica scandal, when a firm used Facebook’s lax privacy settings to access millions of users’ personal details, the company disabled a feature that allowed users to search the platform by phone numbers.
The exposure of a user’s phone number leaves them vulnerable to spam calls and SIM-swapping – as recently happened to Twitter CEO Jack Dorsey – with hackers able to force-reset the passwords of the compromised accounts.
In July, the Federal Trade Commission announced that it had agreed a settlement with the social media giant which would see it pay a £4 billion fine and introduce a number of new audits into its business that would ensure privacy and data protection are in place.
FACEBOOK’S PRIVACY DISASTERS
December 2018: Facebook comes under fire after a bombshell report discovered the firm allowed over 150 companies, including Netflix, Spotify and Bing, to access unprecedented amounts of user data, such as private messages.
Some of these ‘partners’ had the ability to read, write, and delete Facebook users’ private messages and to see all participants on a thread.
It also allowed Microsoft’s search engine, known as Bing, to see the name of all Facebook users’ friends without their consent.
Amazon was allowed to obtain users’ names and contact information through their friends, and Yahoo could view streams of friends’ posts.
As of last year, Sony, Microsoft, and Amazon could all obtain users’ email addresses through their friends.
September 2018: Facebook disclosed that it had been hit by its worst ever data breach, affecting 50 million users – including those of Facebook boss Mark Zuckerberg and COO Sheryl Sandberg.
Attackers exploited the site’s ‘View As’ feature, which lets people see what their profiles look like to other users.
Facebook says it has found no evidence ‘so far’ that hackers broke into third-party apps after a data breach exposed 50 million users.
The unknown attackers took advantage of a feature in the code called ‘Access Tokens,’ to take over people’s accounts, potentially giving hackers access to private messages, photos and posts – although Facebook said there was no evidence that had been done.
The hackers also tried to harvest people’s private information, including name, sex and hometown, from Facebook’s systems.
Facebook said it doesn’t yet know if information from the affected accounts has been misused or accessed, and is working with the FBI to conduct further investigations.
However, Mark Zuckerberg assured users that passwords and credit card information were not accessed.
As a result of the breach, the firm logged roughly 90 million people out of their accounts earlier today as a security measure.
March 2018: Facebook made headlines earlier this year after the data of 87 million users was improperly accessed by Cambridge Analytica, a political consultancy.
The disclosure has prompted government inquiries into the company’s privacy practices across the world, and fueled a ‘#deleteFacebook’ movement among consumers.
Communications firm Cambridge Analytica had offices in London, New York, Washington, as well as Brazil and Malaysia.
The company boasts it can ‘find your voters and move them to action’ through data-driven campaigns and a team that includes data scientists and behavioural psychologists.
‘Within the United States alone, we have played a pivotal role in winning presidential races as well as congressional and state elections,’ with data on more than 230 million American voters, Cambridge Analytica claims on its website.
The company profited from a feature that meant apps could ask for permission to access your own data as well as the data of all your Facebook friends.
This meant the company was able to mine the information of 87 million Facebook users even though just 270,000 people gave them permission to do so.
This was designed to help them create software that can predict and influence voters’ choices at the ballot box.
The data firm suspended its chief executive, Alexander Nix, after recordings emerged of him making a series of controversial claims, including boasts that Cambridge Analytica had a pivotal role in the election of Donald Trump.
This information is said to have been used to help the Brexit campaign in the UK.
Facebook has also suffered several previous issues.
In 2013, Facebook disclosed a software flaw that exposed 6 million users’ phone numbers and email addresses to unauthorized viewers for a year, while a technical glitch in 2008 revealed confidential birth-dates on 80 million Facebook users’ profiles.