Facebook has revealed the phone numbers of more than 400 million users

A security breach again violates privacy in Facebook. More than 400 million phone numbers of social network users, related to their accounts, were exposed for more than a year on a server that was not pbadword protected. The episode reflects, once again, the low priority given by the company to the protection of personal data.

As revealed by the specialized site Tech Crunch, the server has stored more than 419 million records – Account ID and phone numbers – of which 133 million correspond to users in the United States, 50 million in Vietnam and 18 million in the United Kingdom.

Do not be pbadword protected Anyone can access the databases which contained the information, with the risks that this implies. In some cases, the name, location and gender of the user were next to the identifier and the phone number.

Facebook confirmed the report, although it was said an old affair that had already been solved.

"This database is old and seems to contain information obtained prior to the changes we made last year to eliminate the possibility of people finding other people to help." their phone numbers. The database has been removed and we do not detect any evidence that Facebook accounts have been compromised, "said a spokesman for the company.

However, Tech Crunch He clarified that the database was only accessible shortly after contacting the web host.

"Sanyam Jain, security researcher and member of the GDI Foundation, found the database and contacted Tech Crunch after failing to find the owner. After a review of the data, we do not either. But after contacting the web hosting provider, the database was disconnected, "the US media said.

Facebook said that the actual number of users whose information was exposed was about 210 million, because the 419 million records contained duplicates, the newspaper details The Guardian.

Before and after Cambridge Analytica

In April 2018, until a scandal shared between the social network and the consulting firm Cambridge Analytica regarding the privacy policies of the platform is declared, Facebook allows anyone search users by phone number.

Apparently harmless, today's phone numbers are a more effective personal identification tool than first names and names.

In mid-August a newspaper survey The New York Times He revealed how, from the phone number of a person, it is possible to track sensitive data ranging from personal address to payment of taxes, on behalf of family members or to criminal records .

With this information, a cybercriminal could for example reset a pbadword of an online service and answer questions such as "What is your mother's name?", or persuade the mobile provider to transfer the number to another after, for example, falsely reporting the loss equipment.

This last point, hard to believe, is what happened this weekend to Jack Dorsey, CEO of Twitter, who, with a technique known as "swapping the SIM card", hacked the account and l & # 39; Used to send xenophobic messages on Twitter. .