Facebook says millions had phone numbers, search history and location stolen

257 points | nopacience | 7 years ago | washingtonpost.com

40 comments

[+] atonse|7 years ago|reply
Here we go... the slow trickle of them saying every few days that the data breach is MUCH worse than what they had said days ago. Boil the frog.

1 month from now, compare what they've said to what they said this week.

[+] Bartweiss|7 years ago|reply
Among other interesting things, this was initially sold as an attack that enabled 'View As' for attackers who shouldn't have had access to it. It's been described like another issue in the same vein as Cambridge Analytica and Google+.

I don't doubt that setting was involved, but it's obvious by now that this wasn't equivalent to the others - there's no "View As" which will show you someone's search and location history. This isn't just a public/private breakdown but an actual breach of Facebook's internal-only data, and unlike the prior stories this ought to seriously challenge people's reliance on features like Facebook-based app sign-ins.

[+] paulcole|7 years ago|reply
Except they're going backwards this time.

First they said, "exposure of information from nearly 50 million of its users" and now it's "directly affected 29 million people on the social network".

John Gruber claimed the same thing a couple weeks ago:

https://daringfireball.net/linked/2018/09/28/facebook-hack

Surprisingly quiet this time since it doesn't fit the narrative he wanted.

[+] CryoLogic|7 years ago|reply
Why is it that all of the times Facebook claims a "hack" it's really Facebook giving away or selling user data via an API, getting caught and then claiming it as a "hack" to avoid responsibility?
[+] Bartweiss|7 years ago|reply
This story looks like the exception, though?

The app piggybacking and the initial "View As" stories constituted Facebook handing out data sloppily. But location records, search history, and TFA-only phone numbers are internally held data Facebook wasn't showing to anyone. This moves things from "faulty visibility settings" and "shady data sales", which we've seen before, to "outright security breach".

[+] JustSomeNobody|7 years ago|reply
I think you answered your own question. They wish to avoid responsibility.
[+] quest88|7 years ago|reply
Where does FB say it sells your data? Was there a news article about it?

I see this repeated about other tech companies as well but I can never find where they say they sell my data. It seems weird companies would sell their most valuable asset, rendering themselves moot.

My understanding is these companies allow advertisers to target users, but never sell the data.

[+] cpeterso|7 years ago|reply
More Facebook user data leaked or "stolen"? Must be a Monday.
[+] StreamBright|7 years ago|reply
Great that Facebook stores these things, otherwise it could not have been stolen.
[+] thaumasiotes|7 years ago|reply
People put their phone number and location on Facebook for public display. It seems hard to blame Facebook for storing them.
[+] pwaivers|7 years ago|reply
> User messages could have been exposed in one specific use case, officials said. If an affected user had been the administrator of a Facebook page, and the page had received a message from another user, that message may have been compromised, Facebook said.

Isn't this a common use case? Are we administrator to our own FB account?

[+] close04|7 years ago|reply
A Facebook page is different from a Facebook profile in the way it's presented so most likely the messages are made available through different mechanisms. I guess they are suggesting the particular hack didn't directly give the attackers full access to the users' profile pages (including messages) but when it comes to Facebook pages the messages are directly exposed.

With FB and Google getting free passes (as in no penalty that hurts) after this kind of incident I don't see them doing much else beyond the minimal diligence.

[+] Scoundreller|7 years ago|reply
All the time. I often get vendor support through Facebook because there’s no hold time.

Emails go into the ether with lots of vendors.

The vendor cares more about people that could bash them to all their friends without typing a new URL.

Recent examples: I’ve dealt with an airline and a post service over Facebook messenger, complete with ticket information, name, phone numbers and addresses.

[+] throwaway292939|7 years ago|reply
Imagine if "page views" of your friends' profiles were leaked...
[+] ravenstine|7 years ago|reply
LOL Then we could no longer pretend that Facebook doesn't still exist because of e-stalking unrequited loves and exes.
[+] nkkollaw|7 years ago|reply
Looks like the first huge GDPR fine the EU will be able to get.
[+] thrower123|7 years ago|reply
Hmm, Facebook has said that I was not included in this latest data breach, but on the other hand, the amount of spam that I've received in the email address that Facebook knows about has skyrocketed in the last few days... Correlation doesn't necessarily imply causation, and there's a million and one ways that spammers could get that address, but it certainly is curious.
[+] onetimemanytime|7 years ago|reply
Search history is the most problematic, IMO, shows intent. But combine all three and you have a problem.

I think we need a new internet rule/law:

if it's online, it will be hacked/stolen sooner or later.

So they should not save most of the stuff.

[+] heuiop|7 years ago|reply
Is this the search history that appears in the activity tab? So, if you keep that clear, nothing could have leaked, right?
[+] intopieces|7 years ago|reply
Are all these the same hack? I’m losing track.
[+] JVIDEL|7 years ago|reply
Good thing I never gave them my phone

And that I got tracking and location blockers specifically for fb