Cell Numbers of one-third of the US population found on a password-free server

Approximately 133 million US-based cell numbers are part of the 419 million records found by cyber-security researches on a password-free server. The private data is originating from Facebook. Most of the entries stored on the easily accessible server contained not only cell number but full names, Facebook user IDs, gender, and even country. Facebook users’ phone numbers have been readily available online for approximately two years.

The social media network was not aware of the existence of these databases and launched immediate investigation after the issue was brought to their attention. In a statement made by Facebook, the company confirmed that the information is correct and the info found in the databases originate from them. However, the social media giant claimed that most of the numbers seen in databases are not unique numbers as there are a lot of duplicates. According to the biggest social network, the number of individual cell numbers is 210 million. Facebook claims that the data has been scraped from their servers before Facebook was forced to accept stricter privacy policies because of the Cambridge Analytica scandal.

As you might remember, last year, Facebook shut down the feature that allowed people to enter other people’s phone numbers in the search box and find the corresponding profiles on Facebook. The Palo Alto-based company switched off those search capabilities because bad actors were exploiting the feature to gather public information on Facebook users; the process was called “scraping.” Cybersecurity researchers believe that this has been the way those records have been collected.

Even though the data was taken down by the web hosting provider immediately after the cybersecurity researcher contacted them, it is currently unknown who uploaded the information online. It is also unknown how many people have been able to copy the databases and how are they planning to use it. There is also no proof that the same database is not for sale on the Dark Web either.

According to TechCrunch, each record contained a user’s unique Facebook ID and the phone number listed on the account. As you might already know, those long Facebook IDs contain a public number associated with a Facebook account – this could be used as a method to find out an account’s full name.

How could this data be used in a harmful way?

The Cambridge Analytica scandal is not the only reference to the ways hackers could use such information. There have been so many cybersecurity breaches over the last few years that if hackers have had access to stolen lists, those 419 million user records might come in handy for completing the puzzle and getting everything that hackers need to commit a crime such as fraud, identity theft, etc.

By knowing your number, cybercriminals can work their way through gaining access to your cellphone account and swap sim cards. If they managed to find your password, knowing such information would be able to get them access to your account even if you have a 2-factor authentication simply because they will be able to hijack the cellphone SIM card too.

There is no a cure-for-all in cybersecurity, but there are layers of protection that conscious people can add, so they do not become victims. Having reliable antivirus software on all your connected devices is a necessity, not a luxury. Protecting yourself and your family from cybercriminals must be a priority.

Download Panda Mobile Security