A total of 419 million Facebook records were recently found on a server that was not password protected and was not owned by Facebook. Of these, 133 million were U.S. records. Apparently, the site hosting the server has since been taken offline. Facebook claims the data is a year old and was scraped before Facebook changed users’ ability to find other users’ phone numbers.
Breached data includes:
- Mobile or landline phone numbers
- Facebook IDs
Some breached records contained users’:
- Name
- Gender
- Location
At present, there is no evidence that the breached data has been used to compromise accounts. Nevertheless, it’s important to realize that telephone numbers have value to cybercriminals, who can use them to:
- Spoof or social engineer phone calls and pretend to be you.
- Engage in SIM swap fraud by calling the carrier and requesting a replacement chip. If your phone goes dead, this may be the cause. Criminals use this social engineering method for identity theft and to bypass multi-factor authentication on user accounts. Once a SIM swap has been performed, criminals gain access to SMS text messages, which are used to confirm access to accounts or to reset accounts.
  - If your phone reverts to “emergency calls only,” this may be a cause. If this occurs, check with others on the same network, and take identification with you if you need to visit a carrier’s location to resolve the issue.
  - Another recommendation to protect against the effects of SIM swap fraud is to use app-based (vs. SMS-based) authentication whenever possible, as criminals would need access to your device and password in order to access the app that you use to authenticate.
For more information, please see: