It has been revealed that hundreds of millions of phone numbers linked to Facebook accounts were found online. The server, which was not protected with a password, held more than 419 million records across several databases covering users in multiple geographies, including 133 million records on U.S.-based Facebook users, 18 million records on users in the U.K., and another database with more than 50 million records on users in Vietnam.
Each record contained a user’s unique Facebook ID and the phone number listed on the account. A user’s Facebook ID is typically a long, unique and public number associated with their account, which can be easily used to discern an account’s username. Some of the records also had the user’s name, gender, and location by country.
To help understand how the attack happened and the wider implications, Jonathan Bensen, CISO at Balbix, gives Digital Journal readers the lowdown.
Bensen explains that this is not the first time that Facebook has been connected with a cybersecurity issue: “This exposure is the latest in a string of security and privacy incidents involving Facebook.”
Bensen goes on to explain the implications of the data breach: “Armed with phone numbers, a threat actor can hijack accounts associated with that number by having password reset codes sent to the compromised phone as well as attempt to trick automated systems from victims’ banks, healthcare organizations, and other institutions with sensitive data into thinking the attacker is the victim.”
The issue affects not only individuals; it could also extend to the companies they work for, as Bensen explains: “Exposed individuals even put their employers at risk; attackers can leverage stolen numbers to obtain unauthorized access to work email and potentially expose more data.”
In terms of the root cause, the analyst explains how the issue probably happened: “Misconfigurations have been the reason behind several data leaks this year including incidents affecting Orvibo, Tech Data and ApexSMS. Companies are tasked with the hefty burden of continuously monitoring all assets across hundreds of attack vectors to detect vulnerabilities. Through this process, companies are likely to detect thousands of flaws in their network – far too many to tackle all at once.”
In terms of preventing the incident from happening again, Bensen recommends: “The key to thwarting future instances of data exposure is to leverage security tools that employ AI and ML to observe and analyze the entire network in real time and derive insights in order to prioritize the vulnerabilities that need to be fixed.”