Some records also had names, genders and locations attached. The exposed server was accessible without a password.
Security researcher Sanyam Jain of GDI Foundation discovered the server hosting all of the databases, and could not initially identify the owner. He went to TechCrunch with it, where they were able to determine that the databases contained phone numbers matched with Facebook ID numbers. In total, million Facebook users were exposed.
The data is a vestige of a canceled Facebook feature that used to allow users to search for each other via phone number. A follow-up Cnet report on September 6 revealed that another security researcher in the UK had found a different unprotected server containing information that matches the original find. At this point, it is unclear how many copies of these scraped Facebook customer databases are online sitting open to anyone who cares to visit them. This breach is just the latest in a long pattern involving not just Facebook, but all manner of large multinationals that handle huge amounts of personal data.
The whopper came last year when the Cambridge Analytica scandal came to light, however, and it has been a seemingly unceasing string of privacy-related mishaps since.
Things have gotten so bad for the company that there is talk in American politics about sentencing Mark Zuckerberg to prison time. Facebook is far from the only company with these issues, however. All of these breaches involved a security failing by a third party vendor, most frequently either due to unsecured databases or phishing attacks.
Jonathan Bensen, CISO at Balbix, had some thoughts on how organizations should manage the risks posed by personal data collection going forward: Exposed individuals even put their employers at risk; attackers can leverage stolen numbers to obtain unauthorized access to work email and potentially expose more data.
Misconfigurations have been the reason behind several data leaks this year including incidents affecting Orvibo, Tech Data and ApexSMS. Companies are tasked with the hefty burden of continuously monitoring all assets across hundreds of attack vectors to detect vulnerabilities. Through this process, companies are likely to detect thousands of flaws in their network — far too many to tackle all at once. The key to thwarting future instances of data exposure is to leverage security tools that employ AI and ML to observe and analyze the entire network in real time and derive insights in order to prioritize the vulnerabilities that need to be fixed.
There is sometimes an errant perception that information such as phone numbers and employment history is relatively harmless and does not require the same level of security that financial information does.
Will Exposed Phone Numbers Cause an Uptick in Phishing Attacks, SIM Swaps and Spam?
Hackers actively seek and make use of this information in a variety of ways. If the users fall for it, cybercriminals gain access to their email accounts.
Phishing emails that steal email account credentials to take over mailboxes are still widely distributed. To avoid falling victim to credential phishing attacks and other advanced email threats, organizations should consider using advanced security technologies.
If a suspected phishing email is received by an employee, it will go through sender, content, and URL reputation analyses.