What the Tech? Phone numbers of Facebook users leaked online
The phone numbers and Facebook ID's of some 419 million Facebook users have been compromised after a group discovered a database left unprotected on a server that anyone could access.
The discovery by TechCrunch found the server had no password protection and that anyone could find and access the database. The information included users' unique Facebook ID and the phone number associated with the account.
What can hackers do with that information? Of course, they can sell the phone numbers to companies that make robocalls. All those companies would have to do is input the database into a software system to begin making thousands of calls simultaneously with a computer. The information could also be sold on the dark web to individuals and groups looking to build stolen identities.
The numbers could also be used to make SIM swapping attacks. Hackers use this technique for a number of reasons. A hacker gets a phone number and contacts the wireless carrier to request swapping the SIM associated with the account to a new phone. If the carrier complies, the hacker can receive and make calls and text messages from their phone. They can also access other accounts on the phone and change their credentials.
Last year a cryptocurrency investor said hackers swapped his phone's SIM and siphoned off around $24 million from his digital currency wallet stored on his phone. Michael Terpin filed a lawsuit against AT&T for allowing hackers to access his account.
Ironically, Facebook states in its help section that adding a phone number helps make a user's account more secure.