This time they exposed 419 million phone numbers. Maybe yours!
More than 419m Facebook IDs and phone numbers were stored in an online server that was not password protected, the technology website TechCrunch reported. The dataset included about 133m records for users in the US, 18m records for users in the UK and 50m records for users in Vietnam.
Facebook confirmed the report and said it was investigating when and by whom the database was compiled. A spokeswoman for the company also claimed that the actual number of users whose information was exposed was approximately 210m, because the 419m records contained duplicates.
So… I am not one to call out the pitchfork-bearing mob because a company has a data breach or exposure, because honestly, after working for some years in IT security I know how often this happens. A lot, and it can happen to responsible companies that are doing the right things.
But I also can read between the lines here. Facebook amasses vast amounts of personal data and that comes with some responsibilities, both ethically and legally (particularly in Europe and Canada).
Here’s what I see in this article:
- Facebook employees were collecting up the data to do something with and sticking it on a server somewhere (with no password protection!) and Facebook isn’t actually sure where they put it or who put it there. This is a company that does not have good data protection policies for its employees to follow, and/or no good training or monitoring to make sure they are followed.
- Facebook has not done an audit of where data is.
- Facebook has poor control of its business infrastructure.
Which means, basically, you should trust Facebook with your personal data about as much as you should trust a toddler with a pistol. This is not a company doing the right things and making an unfortunate mistake. This is a company that doesn’t seem to know what the right things to do are, and doesn’t really give a shit.
You’ve been warned. Make good choices.