Hundreds of millions of phone numbers from Facebook accounts leaked online

Zack Whittaker for TechCrunch:

Hundreds of millions of phone numbers linked to Facebook accounts have been found online. The exposed server contained more than 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam… Some of the records also had the user’s name, gender and location by country…

But because the server wasn’t protected with a password, anyone could find and access the database.

This is the latest security lapse involving Facebook data after a string of incidents… This latest incident exposed millions of users’ phone numbers just from their Facebook IDs, putting them at risk of spam calls and SIM-swapping attacks, which relies on tricking cell carriers into giving a person’s phone number to an attacker. With someone else’s phone number, an attacker can force-reset the password on any internet account associated with that number.

MacDailyNews Take: For Facebook, the hits just keep on comin’!


If you trust Mark Zuckerberg to be the keeper of your photos, contacts, political views, religious beliefs, etc., you’re batshit insane. — MacDailyNews, May 23, 2018


    1. MDN still proudly keeps its Fuckbook link icon up, just to the left of its primary income generator, Gaggle, and the US presidential squawk box, Tweeter.

      Way to uphold those principles, MDN.

    1. Not really. Subscribers can delete their Facebook account whenever they want. It just so happens, they don’t. Most users love Facebook, despite data breaches. Privacy violations simply don’t matter to most Facebook users. Facebook membership is still rising globally and that’s all that matters. Zuckerberg has built a social paradise that can’t possibly fail and Wall Street knows it.

  1. Ok, let’s see, what’s the GDPR fine for this type of data loss? Ah, Wiki says: Violators of GDPR may be fined up to €20 million, or up to 4% of the annual worldwide turnover of the preceding financial year, whichever is greater.[1] The following is a list of fines and notices issued under the GDPR, including reasoning.

    I’ve heard that this can be the fine for every infraction. Multiply that by the 18 million people whose info was breached in the UK and we’re getting to a fine that might make these companies sit up and take notice, for once.

  2. Almost no one who uses Facebook cares about these type of leaks. Facebook membership is on the rise and so is Facebook’s share price. I’m not sure why anyone makes a big deal out of these leaks when they know they’re bound to happen in the future as they have in the past. It’s been recently said Zuckerberg is getting wealthier by the day from Facebook and he’s made the company pretty much untouchable from federal agencies. Analysts are giving Facebook high target prices and they don’t seem to be concerned about data breaches in their evaluations of Facebook. What’s so important about this phone number data leak? Companies could just go through a phone book to get this information.

    Some senator wants to put Zuckerberg behind bars for privacy violations but that will never happen. Zuckerberg is one of the wealthiest and most powerful men in America and those people will never end up behind bars. I’m sure there must be influential people who are Facebook investors and they would never allow anything to happen that might hurt their investment. I’m sure Zuckerberg has plenty of protection and he could pay someone else in his company to take the fall for any major data breach.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.