Facebook has once again exposed the personal information of millions of users. More than 419 million phone numbers linked to Facebook accounts were left accessible on a server that was not password protected, according to TechCrunch.
TechCrunch also reported that about 133 million records were associated with Facebook users in the United States, as well as 18 million in the United Kingdom and 50 million in Vietnam. Each phone number was tied to a user’s unique Facebook ID.
Image courtesy of TechCrunch: A redacted set of records from the U.K. database. The “44” indicates +44, the U.K.’s country code, and the “7” indicates a cell phone number.
This is the most recent breach for a company that has a history of incidents involving consumer information. In 2018, a Facebook data breach exposed personal information of about 50 million people. That breach also included sensitive data, such as personal identifiers and search histories, associated with 14 million people.
Prior to last year, users could search for a phone number to find a user, making this information publicly available. In April 2018, Facebook released a number of security and privacy updates that included removing this functionality, as well as changes to its login verification process, historical messaging documentation, and a number of API access updates.
This issue must be addressed on two levels:
The first, and most important, is Facebook’s obvious responsibility to password-protect and encrypt sensitive information. This functionality is included as a native feature of most cloud storage technology, but it can be bolstered with privileged access management and data privacy solutions, which are used, respectively, to manage access to sensitive information and to ensure data is stored in compliance with privacy regulations. G2 has thousands of reviews for these security products from real users to help you better assess your protection tools.
The second is less applicable to this breach, but if access credentials are ever exposed, password managers can help individuals ensure passwords are both strong and updated frequently.