Published on Friday, September 6, 2019 - 13:13 by Camilla Winlo
The phone numbers of nearly 200 million Facebook users have been discovered online in the latest data scandal for the social network.
This breach includes phone numbers for about 18 million Facebook members in the UK, and around 133 million from American accounts. The leak was discovered by a security researcher, who found 419 million records on an unsecured server - so no password was needed to access them. Facebook has said the phone numbers have since been taken down.
“This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” Facebook's spokesperson said. “The underlying issue was addressed as part of a Newsroom post on 4 April 2018 by Facebook’s Chief Technology Officer.”
The ICO has referred the matter to its Irish equivalent - the IDPC - which is the supervisory authority for Facebook in the EU.
What happens next?
The most disturbing part of this latest Facebook breach is the company's insistence that, because the dataset is old and can’t be used to find people on Facebook, no harm has been caused.
Whilst the data may have been collected some while ago, people keep their phone numbers for years, and the rise of measures such as two-factor authentication, which often sends a security code to a mobile phone, means that, if anything, those phone numbers have become even more important.
Facebook appears to have considered the risk from the data only in relation to the risks to Facebook. The GDPR is clear: organisations need to consider the risks of the data they hold on the individuals as a whole, not just how it relates to their business.
People should think hard about whether they really trust the organisations who ask for their data. Here are two quick tricks anyone can try: