Dark Reading is part of the Informa Tech Division of Informa PLC


9/5/2019
11:15 AM

419M Facebook User Phone Numbers Publicly Exposed

It's still unclear who owned the server storing hundreds of millions of records online without a password.

An unsecured server exposed 419 million phone numbers belonging to Facebook users, whose information was stored in several databases without password protection, TechCrunch reports.

The records spanned Facebook account holders in countries including the US (133 million), UK (18 million), and Vietnam (50 million). Each record held an individual's Facebook ID, which is a unique number connected to the account, and the person's phone number. Some also held the user's name, gender, and location. Affected databases were taken offline by the hosting provider.

User phone numbers have not been publicly available on Facebook since 2018, when the social media giant removed developers' access to them. It's believed that whoever scraped the numbers did so before Facebook changed the policy that allowed users to find friends using phone numbers. Who scraped the information, and why, has yet to be confirmed, the report says.

Facebook has so far not seen any indication that user accounts have been compromised. Exposure of a phone number can leave victims susceptible to SIM swapping and spam calls.

Read more details here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Comments
REISEN1955
User Rank: Ninja
9/5/2019 | 12:22:52 PM
On Phone Numbers
Hacked for decades - it is called a phone book and contains (GASP!)   NAMES ----- ADDRESSES ----- PHONE NUMBERS OH MY!!!!!!!!!! Some hacks are just silly. 