Facebook Leaked 419 Million Records of Users Because the Server Wasn’t Protected With a Password
On September 4, 2019 TechCrunch reported that a Facebook server exposed over 419 million records of its users. These included 133 million Facebook users from the United States, 18 million from U.K. and 50 million records from users in Vietnam. The records contained the users’ Facebook ID and phone numbers. Some records revealed additional information. Because the phone numbers can be used by an attacker to reset a user’s password, this is a serious security and privacy issue.
What Caused the Data Leak?
The Facebook’s server that stored a database of over 419 million records of Facebook users wasn’t protected with a password. That’s how the data of hundreds of millions of users ended up online.
Facebook in the News (2018 – 2019)
In his article for TechTarget.com, Michael Heller documents A recent history of Facebook security and privacy issues. You should check out the articles for details. Here I am going to only list a customized version of timeline Michael documented, updated with newer Facebook privacy violations.
January 4, 2018: Zuckerberg vows to fix Facebook issues, including election interference and misinformation campaigns. BBC points out that Zuckerberg has been setting himself these challenges every year since 2009.
February 2018: German and Belgian courts find Facebook guilty of violating the privacy laws. Also, Facebook first denied and then admitted it used mobile numbers submitted for 2FA for advertising purposes.
March 19, 2018: Cambridge Analytica scandal came to light, which led to Facebook’s $5 billion settlement with FTC.
April 2018: Facebook admits the Cambridge Analytica scandal may have involved 87 million people, not 50 million as reported earlier. Also in April 2018, KrebsOnSecurity discovered about 120 private discussion groups with a combined membership of over 300,000 that were involved in cybercrimes. After KrebsOnSecurity alerted Facebook, they deleted them within hours.
September 2018: Facebook’s network was breached and about 50 million accounts were affected.
December 14, 2018: Facebook API bug exposed photos of 6.8 million users.
December 18, 2018: Facebook allowed Netflix, Spotify, and Royal Bank of Canada to read, write, and delete users’ private messages.
January 2019: Facebook exploited enterprise certificate loophole in Apple’s iOS to gather data on users.
February 22,2019: Computer Weekly revealed a secret Facebook program which involved spying on Android phone users by tracking their locations. Facebook also planned to gather intelligence on rival companies.
April 2019: Cicso Talos researchers found out that cybercrime groups were still involved in criminal activities on Facebook. Apparently Facebook didn’t do much to address this issue a year ago when KrebsOnSecurity alerted them.
March 7, 2019: Zuckerberg admitted Facebook wasn’t successful in protecting users’ privacy and promised to transform Facebook into a “privacy-focused” platform.
If Facebook executives want to transform Facebook into a “privacy-focused” platform, a good place to start would be to tell their IT department to put a password on the server that holds the database of over 419 million records of Facebook users. |
March 22, 2019: Passwords of 600 million Facebook users were exposed internally. These passwords were found in plaintext and some of them were exposed since 2012. Apparently, no one at Facebook was bothered by seeing users’ password in plaintext for 7 years.
July 12, 2019: Facebook agrees to pay $5 billion in fines in FTC settlement because of the Cambridge Analytica scandal, where data from over 50 million users was used without permission.
September 4, 2019: TechCrunch.com reported that a Facebook server exposed over 419 million records of its users because the server wasn’t protected with a password. Perhaps another Class Action law suit is in Facebook’s future.
After reading this timeline, do you believe Facebook has done a good job of protecting people’s privacy since Facebook’s CEO vowed to fix Facebook issues on January 4, 2018 and promised to transform Facebook into a “privacy-focused” platform on March 7, 2019? Okay, that was a rhetorical question, but you get my point.
Copyright © 2019 SeattlePro Enterprises, LLC. All rights reserved.