Facebook is in the middle of another serious problem of a security breach involving a feature that the company had disabled more than a while ago. According to reports, Facebook has unknowingly exposed personal data for many of its accounts in an unrestricted and unprotected database that was recently found by a security researcher.
Sometime in July last year, CEO Mark Zuckerberg tendered a public apology when a serious inquiry from the Department of Justice along with other federal agencies began to investigate how Cambridge Analytica, a consulting firm which worked for President Donald Trump, got their hands on data for more than 70 million U.S. Citizens.
It was discovered that the breach stemmed from the Facebook feature that allowed users to search for others’ accounts through their phone numbers. Apparently, the feature was shut down but the database containing all the information was still left accessible.
This recent incident, found by a security researcher Sanyam Jain, showed that the server exposed at least 419 million records across many different databases, which had personal information including a user’s name, phone number, individual ID and even location. Of this number, there were at least 50 million entries for Vietnamese users, 18 million for users in the United Kingdom and about 133 million for U.S. users alone.
Apparently, the server was also unprotected meaning that anyone who knew to find it, could retrieve all the information including phone numbers, even though public display of phone numbers has been disabled by Facebook since last year.
Facebook has however said that the data in question is outdated and has been retrieved without any breach to any one’s accounts. According to spokesperson Jay Nancarrow:
“This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers. The data set has been taken down and we have seen no evidence that Facebook accounts were compromised.”
At the time of the Cambridge Analytica Scandal, Facebook’s Chief Technology Officer Mike Schroepfer explained how people could exploit the ability to search using phone numbers, for scraping.
According to Schroepfer, the feature was a great way for people to find old friends and acquaintances, especially in cases where the name being searched is common and just using the name alone will come up with too many results. He also added that the feature was beneficial to people who needed help with finding “friends in languages which take more effort to type out a full name.” Explaining further, Schroepfer said:
“However, malicious actors have also abused these features to scrape public profile information by submitting phone numbers of email addresses they already have through search and account recovery. Given the scale and sophistication of the activity we’ve seen we believe most people on Facebook could have had their public profile scraped in this way. So we have now disabled this feature.”
Facebook has been met with serious criticism since it announced the Libra, because of its security issues. Now, there’s a good chance that this new occurrence will dent the company’s chance for the Libra by next year.
Facebook (FB) stock is currently at $187.14, a 2.6% increase from its previous close of $182.39 and is more than 50% higher than its 52-week low of $123.02.