267M Facebook User IDs, Phone Numbers And Names Exposed Online – Expert Commentary

A database containing more than 267 million Facebook user IDs, phone numbers, and names was left exposed on the web for anyone to access without a password or any other authentication. Comparitech partnered with security researcher Bob Diachenko to uncover the Elasticsearch cluster. The open database, which has been pulled down, wasn’t protected by a password or any other safeguard for nearly two weeks. In fact, someone has already made the data available for download on a hacker forum.


EXPERTS COMMENTS
Erich Kron, Security Awareness Advocate, KnowBe4
December 23, 2019
Attackers know that these numbers are mobile devices and that they can likely receive text messages.
While on the surface a database of phone numbers does not seem like something to be concerned about, this type of information, all in one place, is a gold mine for scammers and cybercriminals. Attackers know that these numbers are mobile devices and that they can likely receive text messages. They also know these numbers are associated with a Facebook account and can craft attacks that seem legiti ....
Jason Kent, Hacker in Residence, Cequence Security
December 23, 2019
I figured some day that database would get dumped.
For years I yelled "no Facebook, you cannot have my phone number" every time it asked. Not because I didn't want my account more secure but, rather, I figured some day that database would get dumped. The rich personal information everyone shares on Facebook, coupled with a simple way to get access to speak to you, is a tremendous feeder source for scams. The fact that this was discovered by a t ....
Stuart Reed, VP, Nominet
December 23, 2019
The 267 million Facebook users who had their names and personal phone numbers exposed to potential hackers.
The 267 million Facebook users who had their names and personal phone numbers exposed to potential hackers are at high risk for a variety of targeted spam messages, phishing attacks or other scam attempts. With this information, hackers are given a direct line of access to these users – and that can enable criminals to more effectively target these users and gain further private information that ....
Jonathan Devaux, Head of Enterprise Data Protection, Comforte AG
December 23, 2019
It is possible that Facebook users (and ex-users) will exercise their Rights under CCPA.
It seems FB is in the news every month with a cybersecurity issue. The term “too big to fail” may not apply to Facebook, but they do seem to be failing at data security, left and right. Even though the California Consumer Privacy Act (CCPA) is not finalized, when it does become enforceable in early 2020, it is possible that Facebook users (and ex-users) will exercise their Rights under CCPA, w ....
Irfahn Khimji, Tripwire Inc, Country Manager for Canada
December 23, 2019
As we have seen in recent data breaches everything from phone numbers to health records have been made public.
It is important for anyone using the internet to remember that anything posted online, once posted, can potentially be seen by anyone. As we have seen in recent data breaches everything from phone numbers to health records have been made public. Practicing due care and ensuring that only information one is comfortable with being made public should be freely posted on social media sites. ....
Tim Mackey, Principal Security Strategist, Synopsys CyRC
December 23, 2019
Given access to any data, people will find a way to use, and potentially misuse it.
Another day, another unsecured database found on the internet. With this database containing Facebook-related data, it's obvious to ask what role Facebook might have played in this activity. In this case, we can look to two specific areas; the Facebook API and the public settings of Facebook accounts. In both cases, the scope of data available to third parties has varied over time. This varied acce ....
Rosemary O'Neill, Director - Customer Delivery, NuData Security
December 23, 2019
Analysing customer behaviour with passive biometrics is completely invisible to users.
Cybercriminals now have access to data on almost everyone in the world, which means that they are well stocked to create fake accounts, steal full identities, create synthetic identities, use stolen credit cards, and more. We must change the current equation of "breach = fraud" by changing how companies think about online identity verification; the key is to make it valueless. Once a breach happen ....
Robert Prigge, CEO, Jumio
December 20, 2019
Businesses must reconsider their use of these types of identity proofing.
Yawn, another data breach. We're all getting a bit jaded by these breaches, and it’s a given that the information contained in Facebook’s compromised database could be used to conduct large-scale SMS spam and phishing campaigns, among other threats to end users. But, what about the threats to businesses? Tens of thousands of businesses use the Facebook Login Button on their websites to validat ....
Vinay Sridhara, CTO, Balbix
December 20, 2019
The same "move fast and break things" mantra championed by Mark Zuckerberg.
It was not too long ago that Facebook suffered a data leak of millions of its users’ information, including phone numbers. Given the seemingly cavalier approach many consumer services take towards properly protecting data, enterprises everywhere should see this as a wake-up call. The same "move fast and break things" mantra championed by Mark Zuckerberg in Facebook's early days is being mimicked ....
Chris DeRamus, Co-founder & CTO, DivvyCloud
December 20, 2019
Organizations should feel empowered to implement this technology.
This is not the first time that Facebook has suffered a breach; in fact, it exposed 540 million users’ data in April after an AWS S3 bucket was left publicly accessible. However, this latest incident is alarming because the database was unprotected for nearly two weeks, allowing threat actors more than enough time to access it and use it to launch spear phishing attacks and commit identity theft ....