UPDATED 22:24 EDT / SEPTEMBER 04 2019

SECURITY

Database of 419M Facebook user phone numbers found online

A database that primarily included the phone numbers of more than 419 million Facebook Inc. users has been found online in what could be one of the largest data breaches yet for the troubled social networking site.

Making matters worse for the company that Mark Zuckerberg founded, the data was found on an unsecured cloud storage instance. Facebook may not be all to blame, however: TechCrunch reported that the data may have been scrapped by a third party using a feature no longer available.

Facebook has not denied the report but is disputing the number, saying instead that the exposed database held “closer to half” of the number reported as the database had multiple duplicate records and other repeated data.

The data included not only phone numbers but Facebook user IDs as well and, in some cases, the user’s country, name and gender. TechCrunch was able to use the information in the database to cross-check the validity of the data and it came back as legitimately from Facebook.

The database is yet another privacy-related drama from a company that is arguably now famous for them, as Jonathan Bensen, chief information security officer at artificial intelligence-powered security firm Balbix Inc., told SiliconANGLE.

“Armed with phone numbers, a threat actor can hijack accounts associated with that number by having password reset codes sent to the compromised phone as well as attempt to trick automated systems from victims’ banks, healthcare organizations and other institutions with sensitive data into thinking the attacker is the victim,” Bensen explained. “Exposed individuals even put their employers at risk; attackers can leverage stolen numbers to obtain unauthorized access to work email and potentially expose more data.”

Benson noted that misconfigurations have been the reason behind several data leaks this year, including incidents affecting Orvibo, Tech Data and ApexSMS.

“Companies are tasked with the hefty burden of continuously monitoring all assets across hundreds of attack vectors to detect vulnerabilities,” he said. “Through this process, companies are likely to detect thousands of flaws in their network – far too many to tackle all at once. The key to thwarting future instances of data exposure is to leverage security tools that employ AI and ML to observe and analyze the entire network in real time and derive insights in order to prioritize the vulnerabilities that need to be fixed.

Photo: spencereholtaway/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU