The unsecured Facebook server contained nearly 500 million users’ contact info, including a treasure trove of usernames and phone numbers. More than 220 million of them were found for sale online, leading to a Facebook server leak.
How much does it cost to buy access to hundreds of millions of people? Just $1,000.
According to CNET, Elliott Murray, CEO of UK-based cybersecurity company WebProtect, found the information for sale on a web forum in May. He believes it is the same list that TechCrunch reported Wednesday was found on an unsecured web server by cybersecurity researcher Sanyam Jain.
Where did this sensitive information come from in the Facebook server leak? Facebook thinks it might be related to an old feature the company has since shut down. For a while, users could locate each other by phone number rather than Facebook username. Executives realized that feature could be used to steal phone numbers and sell them for spam marketing purposes.
That is apparently what happened in the Facebook server leak. Databases of stolen information are for sale all over the Dark Web. When the database contains complete identities, thieves buy them for identity theft, fraud and even those robocalls you get on a daily basis. However, when it is just lists of email addresses or phone numbers, they still want these in order to send out spam, attempt to scam people or turn around and sell the list to someone else.
Facebook has used an important turn of phrase regarding the Facebook server leak: publicly available. That can mean that this is not “sensitive” information under data breach laws. It does mean, though, that someone did the hard work of compiling the info into an easy-to-use, easy-to-sell database.
There is no cause for concern regarding the security of your actual Facebook account from the Facebook server leak, but it is a good idea to pop into your profile settings and delete your phone number. It will not help if your number has already been posted online for sale, but it can prevent future data scrapes from nabbing your contact info.
There is another lesson to be learned from the Facebook server leak: do not overshare. If you are signing up for a new account and you see that some registration items are optional (like email address or phone number), skip them. If the company does not need it in order to establish your account and let you utilize their site, then it is just one more piece of data that can be compromised. Protect your data and only give it to those who really need it.
If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.