In another case of privacy lapse, Facebook IDs and phone numbers of over 419 million users were reportedly stored in an online server without protection, reported TechCrunch. About 133 million affected users were from US, 18 million from UK, and over 50 million from Vietnam. The Facebook unique ID which was available online could be used to get the name of the users.
Security researcher Sanyam Jain had found the online database and tipped off TechCrunch who then contacted the web host. Following this, the data was pulled down. According to the researcher, phone numbers associated with several celebrities were also available in the database.
“This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers. The dataset has been taken down and we see no evidence that Facebook accounts were compromised,” a Facebook spokesperson told MediaNama.
Facebook’s lack of data protection
The social media company had been facing global criticisms due to the lack of proper protection of its users’ data. The issue was highlighted after Cambridge Analytica scandal last year. In April 2018, Facebook had revealed data belonging to over 562,455 Indian Facebook users may have been improperly accessed by British political consulting firm Cambridge Analytica. The breach had globally affected around 87 million users.
In August 2018, The Central Bureau of Investigation (CBI) had begun a preliminary inquiry against Cambridge Analytica, which has been suspected of harvesting and breaching the data of millions of Indians without their consent. The agent probed if Cambridge Analytica had received data from Global Science Research and if the data was harvested or misused.
In April this year, cybersecurity firm UpGuard had reported that over 540 million Facebook records were left exposed on the public internet via two third-party Facebook apps. The cybersecurity company had discovered two separate sets of Facebook user data on public Amazon cloud servers. One dataset linked to Mexico-based media company Cultura Colectiva contained over 540 million records including comments, likes, reactions, account names, Facebook IDs and more. Another linked to a defunct Facebook app called ‘At The Pool’, contained plaintext passwords for 22,000 users.
Zuckerberg should face a prison term: US Senator
Last month, in an interview with Willamette Week, the U.S. Senator Ron Wyden had said that Facebook CEO and founder Mark Zuckerberg should face a prison term for “repeatedly lying to American people about privacy”.
In July, it was reported that the US Federal Trades Commission (FTC) would impose a fine of $5 billion on Facebook for violating a decree governing privacy breaches, stemming from the Cambridge Analytics scandal. This was largest penalty the FTC had imposed against a technology company; its second-largest fine was a mere $23 million on Google in 2012.
In the same month during US Senate hearing on Facebook’s Libra cryptocurrency, Democrat senator Sherrod Brown had said, “We would be crazy to give them [Facebook] a chance to experiment with people’s bank accounts, and to use powerful tools they don’t understand, like monetary policy, to jeopardise hardworking Americans’ ability to provide for their families”.