Shulou(Shulou.com)06/01 Report--

According to foreign media reports on Sept. 5, there is a serious security breach in the social networking platform Facebook. A database of hundreds of millions of phone numbers associated with Facebook accounts has been leaked online. Each record contains a user's Facebook ID and a phone number connected to their account. The privacy of more than 400m users worldwide is at risk.

The exposed server contains records from multiple databases involving users in different geographical locations, including 133 million records for Facebook users in the United States, 18 million user records in the United Kingdom, and more than 50 million user records in Vietnam. Because the server is not password protected, anyone can find and access these databases.

Some of these records have been verified by the media and some of them have been found to contain the user's name, gender and country location.

Facebook security problems occur frequently?

Facebook security risks occurred in August, but not many people paid attention to them at the time. According to foreign media reports, Check Point, an Israeli cyber security company, said on Aug. 8 that it had found a serious security loophole in WhatsApp, a popular messaging app owned by Facebook, allowing hackers to manipulate users' chat messages, whether in public conversation mode or private conversation. In response, a spokesman for Facebook said in an emailed statement: "We examined this issue carefully a year ago and concluded that the claim that there were vulnerabilities in the security we provided on WhatsApp was wrong. It should be noted that solving the questions raised by these researchers may reduce the privacy of WhatsApp."

However, less than a month later, Facebook has such a big security loophole, is it really because the tree attracts the wind?

This is the latest data security vulnerability exposed by Facebook since the data abuse scandal at Cambridge Analytics (Cambridge Analytica). In the 2016 US presidential election, the personal data of more than 80 million people were crawled to help identify wavering voters.

Since then, there have been several high-profile seizures at the company, including Instagram, which recently admitted that a large number of personal data had been crawled.

The latest incident has exposed hundreds of millions of users' phone numbers through Facebook ID alone, exposing them to spam and SIM exchange attacks that rely on deceiving mobile phone operators into providing someone's phone number to the attacker. Using someone else's phone number, an attacker can force the password of any Internet account associated with that number to be reset.

A spokesman for Facebook said the data had been collected before Facebook cut off access to users' phone numbers. "this data set is very old and seems to have the information we got before we made changes last year, when it eliminated people's ability to use their own phone numbers to find other people," he said. "the data set has been deleted and we have seen no evidence that Facebook accounts have been compromised." But who grabbed the data, when it was taken from Facebook, and for what purpose? These questions are still unanswered.

Facebook has long restricted developers from accessing users' phone numbers, and the company has made it more difficult to search for friends' phone numbers. But the data appears to have been loaded into the exposed database at the end of last month, although that doesn't necessarily mean the data is new.

The latest data breach is the latest example of online and publicly stored data being exposed without password protection. Although often associated with human error rather than vandalism, data exposure still represents an emerging security issue.

The problem of network security needs to be paid attention to.

In 2010, it was revealed that rockyou.com, a large social networking site, had a SQL injection vulnerability that was used by hackers to obtain 32 million user records (including E-mail, names and passwords in clear text).

In 2015, TalkTalk, a British telephone and broadband provider, was attacked by a 15-year-old hacker who took advantage of the SQL injection vulnerability to steal the names, addresses, birth dates and credit card / bank details of 4 million TalkTalk customers.

In 2018, a man in Taiwan took advantage of a loophole in Citibank's credit card business system and spent more than 6300 million yuan (NT $13.45 million) on his credit card. Citibank has sought compensation from the customer through judicial channels.

Summary of the new dream: nowadays, most social platforms and app are bound with personal phone numbers and personal information. If the platform operator has a security risk similar to Facebook, it is often us registered users who will be hurt. Currently, in view of the Facebook vulnerability incident, we can only hope that the information of friends who have signed up for Facebook in China is secure.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.