An unsecured cloud server which contained phone numbers associated with Facebook accounts is alive and well, a single day after Facebook announced that a similar database has been removed and the client information is safe.
Elliot Murray, a cybersecurity researcher from the United Kingdom, found a database on Thursday that was live. He believes that this server includes the same data that Facebook was trying to get rid of and here it was, alive and well, ready to be accessed from apparently anywhere.
Murray, as part of his investigation, was easily able to match several Facebook accounts with their associated phone numbers.
Do you know how dangerous this server is?
Facebook themselves on Wednesday said, that it estimates about 200 million users of the largest social media platform were affected by this exposal of information and breach of security.
This is one of the latest examples of security breaches around the globe due to the negligence of big companies like this. As organizations like these work on securing their databases by bringing them online, they often lack the expertise or the proficiency to do so.
As a result of this negligence, millions and millions of their devoted followers are being robbed of their privacy every year by one person with a browser and the correct IP address.
Instagram is another huge social media platform that is owned by Facebook, has brought a swift crackdown on scraping user data from their app features as well. In the month of May this year, it retracted the access given by them to an Indian recruitment website called Chtrbox which was charged with scraping Instagram user data.
The issues of the exposed phone numbers of Facebook users came into the spotlight on Wednesday by a TechCrunch report, that stated that a researcher named Sanyam Jain had found the data online.
Murray is the CEO of WebProtect which is a cybersecurity company, said that he also found some similar data. “Databases of this scale don’t come often and it’s clear from the data contained that the two match,” Murray said.
No one from Facebook commented on this issue immediately. They were mum on the issue for quite a few hours and when they did respond, they stated that there wasn’t any real indication that individual users’ accounts were accessed.
When a phone number from the database was contacted, being linked to Facebook co-founder Chris Hughes, the person on the other end said that she obtained this phone number in this year’s start and since then she has received a lot of calls and texts from reporters for Hughes.
“I honestly wasn’t aware this number was listed in a database until now and it must be listed elsewhere because you aren’t the first reporter to contact me,” she said.
This is not the first time a big social media company has screwed up while protecting the data of their users and nor would it be the last, but after these blunders, should we really trust them with our private information anymore?