Unlike many friends and acquaintances, my number is in any case not included in the huge Facebook database that was offered for free to the whole world at Easter. In total, it is said to be more than 500 million data points, and in addition to mobile numbers, full names, location information and a couple of million email addresses have been exposed. The data was hacked even before 2019 due to a now-fixed vulnerability at Facebook and fortunately it does not contain passwords or anything else that could lead to regular account hijacking.
Still. Have we become so blasé with all the intrusions and data leaks that we can hardly care anymore? I have seen several comments along the lines of “yes, but let them call then, I don’t answer” or “my number is already on Eniro”. But think of what a systematic, industrialized exploitation of 500 million mobile numbers can lead to! Phone scams à la Bank-ID, smishing, dial-up terror and probably hundreds of other scams that haven’t been invented yet. No Nix registry in the world will help against this. And people always flock there.
All 533,000,000 Facebook records were just leaked for free.
This means that if you have a Facebook account, it is extremely likely that the phone number used for the account was leaked.
Facebook was careful to say that the data retrieval itself was two years old, but didn’t say much more than that. Well, the fact that it wasn’t hackers who had succeeded in a regular breach was also important. Rather, someone had managed to harvest the data using automated software, something called “scraping”. Important. Calling data “old” is always problematic, especially when it comes to phone numbers that we pretty much never change.
A few days later, it was the turn of LinkedIn users to see their information “scraped” from the social network and offered for sale on a hacker forum. According to LinkedIn, it is not a breach; rather, one or a few people aggregated open information about the network’s users into another huge database. Neither LinkedIn nor Facebook took any specific steps to inform their users. The news buzz about these two incidents has already died down.
And this, my friends, appears to be entirely according to Facebook’s plan. An internal email that appears to have accidentally ended up with Belgian Data News discusses PR strategies around the 500 million database. The email, dated April 8, quickly became big news because, among other things, Facebook more or less says in it that data scraping is the new normal of our time. They don’t deny that it’s a problem – quite the opposite – but the very normalization and downplaying of it is frightening.
This news is troubling for several reasons. Partly because the companies are not doing enough to protect our sensitive data, which in isolated cases may seem harmless, but which in this type of database can keep entire call centers of scammers busy for years. Partly because of how easily both they and we – the victims – began to wave these incidents off as just more annoyances among many.