Phone numbers of 400 million users worldwide exposed as Facebook reveals a major security hole

On September 5, according to foreign media reports, the social media giant Facebook suffered a serious security breach. A database storing hundreds of millions of phone numbers associated with Facebook accounts was leaked online; each record contains a user's Facebook ID and the phone number connected to that account. The privacy of more than 400 million users worldwide is at risk.

The exposed server contains records in multiple databases, involving users in different geographic locations, including 133 million records of Facebook users in the US, 18 million user records in the UK, and more than 50 million Vietnamese user records. Since the server is not password protected, anyone can find and access these databases.

The media has verified some of these records, and found that some records contain the user’s name, gender, and country/region location.


Do Facebook security issues happen frequently?

Facebook also had a security problem in August, but not many people paid attention at the time. According to foreign media reports, Israeli cybersecurity company Check Point claimed on August 8 that it had discovered a serious security vulnerability in Facebook’s popular messaging app WhatsApp, allowing hackers to manipulate users’ chat messages, whether in public or private conversations. In response, a Facebook spokesperson said in an email statement: “We carefully reviewed this issue a year ago and believe that the statement that we have provided security loopholes on WhatsApp is wrong. It needs to be pointed out that solving the problems raised by these researchers may reduce the privacy of WhatsApp.”

Yet less than a month later, Facebook has had another security breach of this scale. Is it really just a case of the tall tree catching the wind?

This is the latest data security breach at Facebook to come to light since the Cambridge Analytica data abuse scandal, in which the personal data of more than 80 million people was captured during the 2016 U.S. presidential election to help identify swing voters.

Since then, the company has seen several high-profile scraping incidents, including at Instagram, and the company recently admitted that a large amount of personal data had been scraped.

This latest incident exposed the phone numbers of hundreds of millions of users through Facebook ID alone, exposing them to the risk of spam calls and SIM swap attacks, which rely on tricking mobile phone operators into providing someone’s phone number to an attacker. With someone else’s phone number, an attacker can force a password reset on any Internet account associated with that number.

A Facebook spokesperson said that the data had been collected before Facebook cut off access to user phone numbers. He said: "This data set is very old. It seems that there is information we obtained before we made the change last year. At that time, people's ability to find other people using their phone numbers was eliminated. The data set has been deleted and we have not seen evidence of leaked Facebook account."

But who exactly captured the data, when was it captured from Facebook, and what was the purpose? These questions are still unanswered.

Facebook has long restricted developers from accessing user phone numbers, and the company has also made it more difficult to search for friends' phone numbers. But the data seems to have been loaded into the exposed database at the end of last month, although this does not necessarily mean that the data is new.

This latest data breach is the latest example of online and publicly stored data being exposed without password protection. Although often associated with human error rather than malicious destruction, data exposure still represents an emerging security issue.

Network security issues need everyone’s attention

In 2010, a large social networking site, rockyou.com, was found to have a SQL injection vulnerability. Hackers used this vulnerability to obtain 32 million user records (including email, name, and password in plain text).

In 2015, the British telephone and broadband provider TalkTalk was attacked by a 15-year-old hacker using a SQL injection vulnerability. The names, addresses, dates of birth, and credit card/bank details of four million TalkTalk customers were stolen by hackers.

In 2018, a man in Taiwan used a loophole in the Citibank credit card business system to spend more than 63 million yuan (about NT$13.45 million) with his card. Citibank has sought compensation from the customer through judicial channels.

New Dream summary: Nowadays, most social platforms and apps are tied to personal phone numbers and personal information. If the platform operator has a security risk similar to Facebook's, it is often we, the registered users, who are hurt. As for this Facebook vulnerability incident, I can only hope that the information of friends in China who have registered on Facebook is safe.

Origin blog.csdn.net/newdreamIT/article/details/100559460