An unprotected server hosting a database leaked millions of Facebook users’ phone numbers online. According to TechCrunch, the server wasn’t password-protected, allowing anyone to access the Facebook database.
The database contained more than 419 million records of Facebook users across the globe, including 133 million records of U.S. users, 18 million records of the U.K. users, and more than 50 million records of Vietnam users. The exposed records contained users’ unique Facebook ID and the phone number linked to their accounts.
Facebook fixed the database after security researcher Sanyam Jain flagged the issue. The Social Media giant later claimed the unprotected database contained only 220 million users’ records.
This is the latest security incident in Facebook’s timeline of data breaches. Earlier, researchers discovered that Facebook user account information was exposed on Amazon cloud servers. The security team at UpGuard stated that they found two data breach incidents in different regions.
The first incident originated from the Mexico-based media company Cultura Colectiva, which exposed around 146 GB of data that contained over 540 million records detailing comments, likes, reactions, account names, FB IDs, and other sensitive information. UpGuard stated the data was stored in Amazon’s cloud service without password protection and could easily be accessed by outsiders.
The second was a separate database from a Facebook-integrated app named ‘At the Pool’ which exposed data via an Amazon S3 bucket. This database contained backup information like fb_user_id, fb_user, fb_friends, fb_likes, fb_music, fb_movies, fb_books, fb_photos, fb_events, fb_groups, fb+checkins, fb_interests, and passwords.
In a recent update, Facebook is set to pay the largest fine imposed on a technology company by the Federal Trade Commission. The social media giant was slapped with a massive $5 billion fine for allegedly violating privacy practices and mishandling user data during the infamous Cambridge Analytica scandal and other privacy breaches.
The FTC ordered Facebook to adopt new policies for protecting users’ data and expand these policies across Instagram and WhatsApp. Facebook has also been asked to create a new privacy committee that will have independent board members. Moreover, a third-party assessor approved by the FTC will be brought on board to conduct biennial assessments and monitor Facebook’s privacy-related decisions.