Another day, another example of Facebook playing fast and loose with your privacy. For the second time this year, millions of user records have been found in an unprotected server.
As many as 419 million user records were hiding in plain sight on an unprotected server. Anyone who found this server had access to information that could lead to serious hacking incidents.
How did this happen again? We have the answer and more information on the data that was exposed.
Facebook users’ data exposed again
The 419 million Facebook records were found parked in a server that had no password protection. The records contained users’ phone numbers and their Facebook IDs.
The server is not owned by Facebook, which means the data was scraped. The server held several databases from around the world. The databases exposed 133 million records from Facebook users in the U.S., 18 million from the United Kingdom and more than 50 million from Vietnam.
The server was discovered by a researcher and member of the GDI Foundation, which works to detect online security risks. The researcher told TechCrunch he was unable to find the server’s owner but the site hosting it immediately took it offline when told about the problem
The most worrisome aspect of this latest example of Facebook’s lax security is that phone numbers listed on accounts were available for anyone to see. According to the researcher, phone numbers linked to several celebrities’ Facebook profiles were also on the server.
Facebook said the data was a year old and was scraped before the company removed users’ ability to find other users’ phone numbers. However, there’s no telling how many phone numbers are still associated with users’ Facebook accounts.
Phone numbers can be used by hackers to create all sorts of mayhem. For example, they can make spoof numbers for robocalls and even reset passwords on any other accounts tied to the phone number.
It’s unknown whether this latest data has been accessed by hackers.
Facebook’s history of exposing user data
This is the second time this year that Facebook data has been found on unprotected servers.
In April it was discovered that 540 million Facebook users’ records, including passwords, were exposed publicly on Amazon servers by third-party app developers. Two separate Facebook app data sets were stored in their own cloud server buckets, but both were configured to allow the files to be downloaded by anyone.
The bigger data set belonged to a Mexico-based media company. The massive 146 GB file contained information such as comments, likes, reactions, account names and Facebook IDs.
The other data set is a backup for the now-defunct Facebook app called “At the Pool.” The set contained user IDs, friends, likes, interests, check-ins, groups and the unprotected plain-text Facebook passwords of 22,000 users.
And of course, there was the Cambridge Analytica scandal. A professor at Cambridge created a quiz app for Facebook users and passed the data along to Cambridge Analytica. The company used the information to create voter profiles for the 2016 presidential election.
In July, the U.S. Federal Trade Commission approved a $5 billion settlement against Facebook. The settlement is tied to Facebook sharing user data with other companies, the Cambridge Analytica fiasco and numerous data leaks.
Use Facebook Dating at your own risk
Right on cue, Facebook tries to deflect our attention from its latest fail by dangling a shiny, new and creepy toy. The company has just rolled out Facebook Dating in the U.S. Expect a hot mess from this one.
We warned you about this in spring, when the company announced during F8, the annual Facebook Developer’s Conference, that it would be expanding Facebook Dating to include the U.S. By the way, that was the same conference where Facebook CEO Mark Zuckerberg declared that “the future is private.”
Well, Facebook Dating has arrived and not only does it give us the heebie-jeebies, but it’s also dragging another popular social media site into the muck. Facebook is allowing users to “integrate” their Instagram posts right into their Facebook Dating profile.
Look, we know Instagram is owned by Facebook but it’s still a good site. But Facebook doesn’t want us to have nice things, so don’t be surprised if Instagram turns into a trolling dating site. Fun!
Still considering joining Facebook Dating? Consider this: it has a feature called Secret Crush in which users can “explore potential romantic relationships within their own extended circle of friends.” Gross.
Facebook wrapped up its announcement of the U.S. Facebook Dating rollout with its now standard — and laughable — “we’re committed to protecting people’s privacy.” Whatever, Facebook.