[ad_1]
Facebook is still looking for another security gaffe, this time with an incident involving an exposed server containing hundreds of millions of phone numbers that were previously associated with accounts on its platform.
The situation seems to be related to a feature that is no longer enabled on the platform but allows users to search for a person based on their phone number. On Wednesday, Zack Whittaker of TechCrunch announced for the first time that a server, which did not belong to Facebook but was not password protected and therefore accessible to anyone who found it , was discovered online by security researcher Sanyam Jain and contains more than 419 million albums. Facebook users, including 133 user registrations based in the United States
Have you seen this raven Raven Raven Snatching?
Canuck, the raven hero who loves knives, fire and crime, would have disappeared.
Read more
(A Facebook spokesperson disputed the figure of $ 419 million in a call with Gizmodo, claiming that the server contained "more than half" of that number, but declined to provide a specific figure.)
According to TechCrunch, the records on the server included a Facebook user's phone number and an individual Facebook ID. Using both, TechCrunch stated that it had been able to check them to check the records and also found that in some cases the records included the country, the name and the gender of the user. The report says it's hard to know who got the data from Facebook or why. The Facebook spokesman said the company had been made aware of the situation a few days ago but that she would not specify an exact date.
Whittaker noted that having access to a user's phone number could allow a bad actor to force-reset the accounts associated with that number and expose them to intrusions such as spam calls or other abuses. . But this could also allow a bad actor to collect a host of private information about a person by entering them into a number of public databases or with simplified maneuvers or by using the identity of the person. User, to allow a hacker to access applications or even a bank account.
"This dataset is old and seems to have information obtained before we made any changes last year to prevent people from finding other people using their phone numbers" said the spokesperson in a statement by email. "The dataset has been removed and we have not seen any evidence that Facebook accounts have been compromised."
Mike Schroepfer, CTO, announced in April 2018 on Facebook that users could no longer search for themselves with the help of phone numbers or email addresses after discovering that "malicious actors" were abusing this function to delete publicly available information. Schroepfer wrote at the time that "due to the breadth and sophistication of the activity we have encountered, we believe that most Facebook users could have seen their profile modified in this way ". Last year's event did not make this week's news less disturbing.
Another day, another spectacular security case organized by a company that has the knack for this kind of thing. The news comes immediately after Senator Ron Wyden told an interviewer that he believes lawmakers should ensure that Facebook's CEO, Mark Zuckerberg, faces "the possibility of a prison sentence" because violations of his company's data by his company. Although it sounds like a chimera, the possibility of it becoming a reality is getting stronger day by day.
[ad_2]
Source link