Posted on 04/10/2021 8:20:38 AM PDT by BenLurkin
Facebook decided not to notify over 530 million of its users whose personal data was lifted in a breach sometime before August 2019 and was recently made available in a public database. Facebook also has no plans to do so, a spokesperson said.
Phone numbers, full names, locations, some email addresses, and other details from user profiles were posted to an amateur hacking forum on Saturday, Business Insider reported last week.
The leaked data includes personal information from 533 million Facebook users in 106 countries.
In response to the reporting, Facebook said in a blog post on Tuesday that "malicious actors" had scraped the data by exploiting a vulnerability in a now-defunct feature on the platform that allowed users to find each other by phone number.
The social media company said it found and fixed the issue in August 2019 and its confident the same route can no longer be used to scrape that data.
"We don't currently have plans to notify users individually," a Facebook spokesman told NPR.
According to the spokesman, the company does not have complete confidence in knowing which users would need to be notified. He also said that in deciding whether to notify users, Facebook weighed the fact that the information was publicly available and that it was not an issue that users could fix themselves.
The information did not include financial information, health information or passwords, Facebook said, but the data leak still leaves users vulnerable, security experts say.
"Scammers can do an enormous amount with little information from us," says CyberScout founder Adam Levin, a cybersecurity expert and consumer protection advocate. In the case of this breach, he said, "It's serious when phone numbers are out there. The danger when you have phone numbers in particular is a universal identifier."
Phone numbers are increasingly used to connect people to their digital presence, including the use of two-factor authentication via text message and phone calls to verify one's identity.
The misuse of its user data is a familiar battle for Facebook, and its handling of user privacy has endured scrutiny.
In July 2019, months before patching up the aforementioned issue, Facebook reached a $5 billion settlement with the U.S. Federal Trade Commission for violating an agreement with the agency to protect user privacy.
To find out whether your personal information was leaked in the breach, you can check the data tracking tool, HaveIBeenPwnd. Its creator, Troy Hunt, updated the site with the latest data from the Facebook leak. Hunt said that 65% of the latest batch of data had already been added to the tracker from previous leaks.
Facebook has never had my phone number, address, financial data or personal data other than birth date.
I checked and found my phone number was not in any known data breaches. My email address was in five data breaches but was not searched within them.
“Birth date?” I gave them a date...yes...
Maybe he learned from Hillary Clinton and decided that the way you sell information is you “grant access” and then close the loopholes.
Maybe it does, but probably it doesn’t.
The scammers use computer software that dials every number for a given exchange to figure out which numbers are active.
Then they robo-call those numbers, using the software to spoof known active numbers on the same exchange, or some fake 1-800 number. If someone picks up the scammer attempts to phish them.
That’s when the real trouble starts.
Ha! I was right.
I have a bud who creates FB accounts for his affiliate marketing business. ALL FAKE from names, account emails and even phone numbers, including IP address.
Only idiots would actually give their real names online unless you want to create your own brand or you are a celeb etc.
2 of them were deleted but he mad more than 10. He found that odd. He knows FB sells the information anyway but what FB should do is at least give some money to the users for their info.
Zuckencuck should drink breach
“ The scammers use computer software that dials every number for a given exchange to figure out which numbers are active.”
That is one nice thing about having an out of area phone number. I have had a work cell number since the early 90s from chicago but I live in Nevada. So in general if I get called by a 312 number I am pretty sure it is bs, but if I get 312 plus my exchange I am 100% sure it is a scam. Sometimes I get calls from my own number
TRANASLATION: “We already sell it to everybody anyway.”
h/t pookie18's cartoons
You get it for free but the quality sucks. You have no say in how it works. The guy who runs it gets rich. There's no real competition. You have no privacy. And if you say one thing they don't like they'll shut you up. |
This is the Farcebook Is Evil ping list.
If you'd like to be on or off this list, please click Private Reply below and drop me a FReepmail
Well, I dont have Farcebook so all’s well..
—
Use a credit card?
Have a phone?
Use public utilities?
Have magazine subscription?
Have a driver’s license?
Registered to vote?
Gave a contribution to anything?
...the list is endless.
All have the same thing in common, they are gathering (and sharing) your personal information.
Not being on facebook does not make you invisible.
Many lawsuits coming I suspect.
LinkedIn announced 500 million accounts exposed too this past week.
What do you use 6 different accounts for?
2. Compete with multiple teams in Facebook-linked online sports leagues.
https://www.howtogeek.com/722194/everything-you-need-to-know-about-the-facebook-data-breach/
The above article has two links in it. One to check and see if your phone number was part of the breach and the other to check if your email was part of the breach.
The hacker(s) didn’t sell it. They stuck it on the web but you have to know where it is. Probably the dark web.
Ditto
Privacy and use of the internet are almost mutually exclusive. Every time you send a message across the internet, your device’s identity is in the message and probably recorded. Unless encrypted your entire message is visible to snoopers.
“We don’t currently have plans to notify users individually,”
= = =
Maybe they can’t.
The users’ contact info is co-opted, could go to the wrong person.
It’s not their job.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.