author photo
By Bruce Sussman
Thu | Sep 5, 2019 | 11:01 AM PDT

You've probably seen the headlines about the latest round of Facebook data being exposed in an unsecured database.

The information included unique Facebook account identifiers and account holder phone numbers.

According to TechCrunch, which broke the story, the database included 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam.

And while many of us are starting to get Facebook privacy breach or data breach fatigue, there is something really interesting about this latest case.

It was the effort to uncover which company was associated with the massive dataset. 

Think of it like finding a ring in the sand at the beach. Someone's missing it, but how do you find out who?

TechCrunch puts it like this:

Sanyam Jain, a security researcher and member of the GDI Foundation, found the database and contacted TechCrunch after he was unable to find the owner. After a review of the data, neither could we. But after we contacted the web host, the database was pulled offline.

In this case, the web host was a key part of discovering the data's source.

Facebook spokesperson Jay Nancarrow said the data had been scraped before Facebook cut off access to user phone numbers.

"This data set is old and appears to have information obtained before we made changes last year to remove people's ability to find others using their phone numbers," the spokesperson said. "The data set has been taken down and we have seen no evidence that Facebook accounts were compromised."

The questions now: who scraped the data, when, and why?

Comments