It is believed that the more and more famous the company that stores your data, the less reason you have to worry about the safety of this data, especially if 'I am an ordinary person, who might be interested in me' or not?
Original material by Jason Aton
It's been about a week since users Facebook received bad news, which was most likely inevitable. I don't mean to sound too harsh, but let's be honest: Facebook has a problem keeping your personal, private information. In fact, as far as I know, the truth is that the company agreed to pay $ 5 billion to settle an investigation into this very charge.
As soon as we thought that Facebook the last scandal has passed, as we learn that 419 million phone numbers and user IDs have been removed from the site and stored in an unprotected database. Of these, 133 million numbers and identifiers belong to US users. To be correctly understood, by 'unsecured' I mean that the database was not even password protected.
This became known from the words of Techcrunch, which warned a security researcher named Sanyam Jane, who was the first to discover this source of information on the Internet. The data appears to have been seized over a year ago as Facebook no longer allows developers to access user phone numbers. This means that the database could lie 'open-air' for a year, accessible to anyone who might accidentally find it.
Facebook states through a representative that 'the data has been deleted and we found no evidence that the accounts of Facebook were compromised.' This is good news, but to be honest, not very good. Moreover, the security researcher and Techcrunch were unable to figure out who owned the database, when it was seized, or what it could have been used for.
At this point, the real problem is not that the bad guy did something with the information, but that the same thing happens in Facebook over and over and over. And if so, then you've officially entered 'we have problems' territory.
And this is a serious problem. The Techcrunch report further explains that:
This latest incident has exposed millions of users' phone numbers based on their IDs alone in Facebook, exposing them to the risk of spam calls and SIM spoofing attacks by deceiving cellular operators by providing an attacker with a person's phone number. Using someone else's phone number, an attacker could force a password reset for any Internet account associated with that number.
Let's take a look at this. Anyone who accessed this database could theoretically trick Verizon or T-Mobile into spoofing your phone number on their device. Once this is done, a 'password reset' attempt can be initiated for any service associated with that phone number, including other social networks and even a bank account. CEO Twitter Jack Dorsey was reportedly hacked last week.
You might be trying to argue that it doesn't really matter as the actual violation happened some time ago, so it's not entirely fair to claim it Facebook. Except that hundreds of millions of people disclosed their personal information, it is not known when, and who knows where this information could be used.
Even if Facebook does not know if this information has been leaked, this does not mean that it actually did not exist or that it will not happen in the future. And at best, even if this is just the negligence of the one who collected the information, when the developers could do it, it still reminds us that everything that you post on Facebook is not confidential.
Obviously, what happens in Facebook doesn't stay in Facebook and this is a common problem.
Original material by Jason Aton
It is possible that this attitude towards user data is the norm for the entire industry, and the case of Facebook attracted attention and became public only due to the close attention to the company from stakeholders, including representatives of the digital security sector.
Then you should ask yourself whether you can trust other services of the company, for example, the popular messenger WhatsApp, which is used by millions of people every day, not only in the United States, but all over the world. What about the recently announced messenger in the also owned company Instagram? Should I start using it?
Yes, all this concerns Facebook, but what is the probability that tomorrow the unprotected user base of any other social network or messenger will not be found on the network?
All this cannot but be alarming and makes us think about what data we trust to social networks, instant messengers and cloud storage and whether it is worth doing. After all, if such leaks occur even in a huge corporation, which, it would seem, should guarantee security, then how are things going in small companies that do not have such huge budgets aimed at securing and preserving the data of their users?