Facebook Confirms Data Breach

another random user writes "A researcher by the name of Suriya Prakash has claimed that the majority of phone numbers on Facebook are not safe. It's not clear where he got his numbers from (he says 98 percent, while another time he says 500 million out of Facebook's 600 million mobile users), but his demonstration certainly showed he could collect countless phone numbers and their corresponding Facebook names with very little effort. Facebook has confirmed that it limited Prakash's activity but it's unclear how long it took to do so. Prakash disagrees with when Facebook says his activity was curtailed." Update: 10/11 17:47 GMT by T : Fred Wolens of Facebook says this isn't an exploit at all, writing "The ability to search for a person by phone number is intentional behavior and not a bug in Facebook. By default, your privacy settings allow everyone to find you with search and friend finder using the contact info you have provided, such as your email address and phone number. You can modify these settings at any time from the Privacy Settings page. Facebook has developed an extensive system for preventing the malicious usage of our search functionality and the scenario described by the researcher was indeed rate-limited and eventually blocked." Update: 10/11 20:25 GMT by T : Suriya Prakash writes with one more note: "Yes, it is a feature of FB and not a bug.but FB never managed to block me; the vul was in m.facebook.com. Read my original post. Many other security researchers also confirmed the existence of this bug; FB did not fix it until all the media coverage." Some of the issue is no doubt semantic; if you have a Facebook account that shows your number, though, you can decide how much you care about the degree to which the data is visible or findable.

Phonebook

[Nerdfest]

A friend sent me an email a couple of years ago saying "Did you know that you have your phone number on FaceBook?". I said "Yes, I also have it in the phonebook".

So?

[backslashdot]

Remember phone books? It used to be possible to match people with not only their phone number but their home address too.

"not safe"?

[1u3hr]

How is a phone number "not safe"?

Its a new one on me to have an infected phone number. I guess they mean "not secret".

And who cares? Ever heard of phone directories? You can find millions of phone numbers in there. Including mine. Phone spammers have lists anyway or just have dialers that try every number in a range till one answers.

Re:Phonebook

[bondsbw]

Actually, I just looked and noticed that Facebook has my phone number. I don't remember ever giving it to them, since I specifically don't want them sending me text messages (I don't have a texting plan and each text is a charge).

When I click to remove it, it says "You will no longer be able to use this phone to receive notifications or upload any photos and videos to Facebook."

Perhaps they got my number because I installed the app on my phone? I just don't remember explicitly giving it to them.

What Do You Mean by "Data Breach"

[Anonymous Coward]

The *only* difference between a "data breach" and their normal business model is that Facebook didn't get paid.

misleading

[tero]

So this is not about breaching phone numbers data that are set to private. This is about finding publicly published phone numbers through the normal search.

Meh. Phonebooks didn't even have privacy policies back in the day.

A more valid complaint might have been the ever changing default settings and user interface "improvements" which make finding the said settings very hard.

But even then, this is not really post-worthy.

Re:One teensy weensy difference...

[Anonymous Coward]

I remember in the mid 80s buying entire united states phonebooks on disks...

In the 90s it was a giveaway with many computers on a CD.

Re:Phonebook

[Thruen]

The phone book doesn't have my cell phone number, or most other peoples' cell phone numbers, but that is what Facebook has most of the time. The phone book doesn't have photos of me, my friends, and my family so as to positively identify me from anyone else in the world who might share my (relatively common) name. The phone book doesn't not allow me to find people by interest so I can find people to call and sell my products to. The phone book requires you to know pretty specifically who you are looking for in order to find them without using the trial and error method. Oh, and lastly, you know the phone book is going to list your number unless you do something about it, and many people choose not to have their number listed, Facebook was never supposed to list your number and so people gave it to them expecting it to remain private. So, while you might not care that Facebook decided to show your number, plenty of people would be bothered by it. It isn't the end of the world or anything, but to downplay it and equate it to having your number in the phone book is a just a bit crazy. Oh, and a point I nearly forgot, lots of teenagers have their cell phone numbers in their Facebook accounts, and without tackling why they shouldn't to begin with, those numbers should definitely not be available publicly.