Over 267 Million Facebook Users Reportedly Had Data Exposed Online

More than 267 million Facebook users allegedly had their user IDs, phone numbers and names exposed online, according to a report from Comparitech and security researcher Bob Diachenko. From a report: That info was found in a database that could be accessed without a password or any other authentication, and the researchers believe it was gathered as part of an illegal scraping operation or Facebook API abuse. Dianchenko says he reported the database to the service provider managing the IP address of the server, but the database was exposed for nearly two weeks. In the meantime, he says, the data was posted as a download in a hacker forum. That's a lot of personal data to be floating around in the wild, and as Comparitech notes, it could be used to carry out phishing scams and other foul play.

Personal Data? Facebook?

[Arzaboa]

I find it hard to believe this is a big deal. Its a social network where the things you post are public. Its fairly simple to look at a feed, gather pictures and then figure out where that person took those pictures. Are the people using fake names to troll upset?

Its bad when truly PII (personally identifiable information) is released from say your hospital, but I find it hard to get upset when ones social media company releases your name.

--
The amount of random conversations that lead to culture-shifting ideas is insane. - Virgil Abloh

Re:Personal Data? Facebook?

[ron_ivi]

It's far worse that Facebook itself has that information.

Who cares if some random hackers (with neither the computer skills nor the funding to mine the data) downloads what's basically a phone book? They couldn't meaningfully infringe on your privacy even if they wanted to. It's much worse that Facebook - who can and does abuse your privacy for profit - has access to the data.

If releasing the data helps reduce Facebook's monopoly on the data - which makes it that much harder for them to monetize - you could even argue it's a good thing that the information was released.

Its bad when truly PII (personally identifiable information) is released from say your hospital, but I find it hard to get upset when ones social media company releases your name.

Problem is that Facebook blurs the lines of personal information and, say, mental health information. Up until this week Facebook used your 2-factor-authentication phone number to infer your social network[note 1 below]. Clearly most people who gave Facebook a phone number for login verification didn't expect that would be a way that Facebook associates mentally ill people with their therapist[2].

Yet they did.

1. 1. https://www.reuters.com/articl... [reuters.com]
2. 2. https://www.psychotherapynotes... [psychotherapynotes.com]

Re:

[drinkypoo]

I use Faceboot, but I don't give them my phone number. When I use it from my phone I don't use their app. Problem solved.

Not solved

[ron_ivi]

Problem is if any of your contacts has your phone number; and chose to share contacts with Facebook; then facebook has your phone number.

Or if you don't have an unlisted phone number with your phone company.

Or have your phone number in any of Facebook's data vendors or advertising partners.

There are many ways Facebook associates your phone number with your profile.

Re:

[Matheus]

^ OC deserves more up-vote.. my sibling replies and just about every other comment on this thread miss the point.
This leak contained Name, User ID, Phone Number. ALL of that information is public.. heck we're not too far down the road from that information being dropped on everyone's door step annually.. (The fact most people have opted out of a phone book aside.. and the fact most cell phones don't appear therein)

Literally nothing of value was leaked here. Barely if at all news worthy.

If we really need to

Re:

[cusco]

Barely if at all new worthy.

Another data breech at Farcebook? Ho, hum. Must be Friday.

Re:

[msauve]

Yep.

The whole point of Facebook is to put personal info online. So, this is just them doing their job.

Exposed...

[mschaffer]

Exposed...as in Facebook didn't get paid for the data?

Re:

[BringsApples]

"Exposed" as in... "you signed up for, and used, facebook."

If you use facebook, you're literally causing this lobotomy on society.

illegal api scraping

[kiviQr]

Do you mean - we forgot to secure endpoint?

Vendor management

[onyxruby]

Facebook needs to get real about vendor management and auditing their vendors to ensure that they are compliant with their policy standards. This is a failure of their management oversight process. If they failed with this vendor than there is a fair chance that they have likely failed with other vendors as well.

There needs to be a comprehensive review not just of this single instance, but of their entire vendor management program.

If gov't wants to fight big tech

[i'm probably drunk]

Here's how to do it: Even a minuscule $100 fine per violation is $26.7 billion dollars.

So is there any solution approach?

[shanen]

I hope this story lives up to it's funny potential, but with my focus on solution approaches, I'll just note that WT.Social doesn't yet appear to be one. The Facebook problem remains humongous.

I suppose it's worth asking if there is any safe mechanism to check who in particular has been compromised? Best algorithm I can imagine is to download the breached data and search it carefully on a properly secured computer system.

Re:

[JacksonsGhost]

Yes, I'd like a lookup too. I deleted my Facebook after a sustained and comprehensive two year data poisoning campaign. My ads were in Finnish for some reason so I guess I broke the AI. I always treated it like the poisonous snake it is.

LOL!

[MerlTurkin]

Facebook idiots NEVER learn.

Obligatory

[JustAnotherOldGuy]

Obligatory "me so shocked" comment.

Really?

[cygnusvis]

People are still on facebook? I thought that was a past fad thing like vine.