Facebook 2019 Leak (Mobile phone numbers, profile information)

[Dirk Diggler]

They already have a list. You're trusting their service to check against that list not store what you put in.

Ah, but where do they store it? Is there an assurance that they don't?

Serious question BTW.

 

[Hotwired]

Ah, but where do they store it? Is there an assurance that they don't?

Serious question BTW.

Well they assure you they don't.

Searching for an email address or phone number only ever retrieves the data from storage then returns it in the response, the searched data is never explicitly stored anywhere. See the Logging section below for situations in which it may be implicitly stored.

https://haveibeenpwned.com/Privacy

Then its up to you if you believe that or not.

 

[craaaaaig]

Believe this was not a breach, someone simply created a list of all possible phone numbers - then asked FB if their friends were on FB

 

[ianh]

Phone is safe but two of my "burner" e-mails - only used to sign up for stuff - are leaked across 3-4 companies which I'm not all that fussed about.

 

[Haggisman]

I'm sure they really care. It's not been the first time.

Of course they care, but only for the reason that if this information is leaked for free, FB can no longer sell it!

 

[Dirk Diggler]

Of course they care, but only for the reason that if this information is leaked for free, FB can no longer sell it!

It's a fair point you make. Not one shred of data is safe or private once it's provided to Facebook, it's all sold on.

 

[Demon]

Would be funny if haveibeenpwned.com experienced a similar breach, should we really be putting information we want to remain private into that website?

People should always be aware of where they enter their data.. We had a huge push on phishing training in work and the irony of the training company actually breaching their own training on phishing was priceless..

The sad fact is, entering your phone number and/or email address is just allowing a private individual to mine it if they so wish..

It's like password managers, VPN's, Proxies, etc, etc.. don't think for one minute they aren't a great attack vector for nefarious people..

 

[Dirk Diggler]

It's like password managers, VPN's, Proxies, etc, etc.. don't think for one minute they aren't a great attack vector for nefarious people..

Yes, agreed. I use Chrome to generate and store a random password every time I do a new sign up. This means that nobody actually knows my password, not even me. All accounts are backed by 2fa where possible.

 

[Demon]

Yes, agreed. I use Chrome to generate and store a random password every time I do a new sign up. This means that nobody actually knows my password, not even me. All accounts are backed by 2fa where possible.

It's a head do-er, for convenience I was putting in my TOTP 2FA in my password manager rather than a different app.. then I realised I'd actually ended up storing all my data in one place, so not only would anyone hacking that have my password, but also my 2FA all neatly bundled for them.. DOH!

Basically it's like trading convenience for security.. I'm still a bit vulnerable as I've not moved all 2FA mechanisms to different apps yet..

 

[Alex_6n2]

People should always be aware of where they enter their data.. We had a huge push on phishing training in work and the irony of the training company actually breaching their own training on phishing was priceless..

The sad fact is, entering your phone number and/or email address is just allowing a private individual to mine it if they so wish..

It's like password managers, VPN's, Proxies, etc, etc.. don't think for one minute they aren't a great attack vector for nefarious people..

This is fair point.

What irritates me is Facebook constantly pushes for more information like your phone number. I no longer use the app, but remember it previously being very in your face with constant "GIVE US YOUR PHONE NUMBER BECAUSE SECURITY" type notifications and splash screens.

:-/

 

[Jay85]

Neither have been leaked, my old email however has been breached 6 times!

 

[Blackjack Davy]

People should always be aware of where they enter their data.. We had a huge push on phishing training in work and the irony of the training company actually breaching their own training on phishing was priceless..

The sad fact is, entering your phone number and/or email address is just allowing a private individual to mine it if they so wish..

It's like password managers, VPN's, Proxies, etc, etc.. don't think for one minute they aren't a great attack vector for nefarious people..

Its not just being silly giving email addresses willy nilly its what should be legit companies who can compromise you for example I bought some stuff from Amazon or rather a 3rd party marketplace seller for some household blinds but when you do they get your email address from Amazon and I'm pretty sure they've passed on my email to some other companies and I certainly didn't see any option to opt out of marketing/passing on details.

Got a strange email this morning from someone called Casa Contracts asking me to send some details via an encrypted link for a quote... wtf I thought... well it seems they're a legit company but I sure as hell didn't ask for any quotes for supplying office furniture. Another one for the blocked list but if this is going to happen everytime I purchase via Amazon its going to have to go on a burner account and I'm pretty sure whenever you pay for anything via PayPal it gives your email to whoever the recipient may be too.

 

[Jintsay]

I opted out of Facebook years ago. Never looked back.

 

[Vita]

None of my emails or numbers.

 

[Throrik]

Somebody apparently leaked my Evony password from many moons ago.

 

[GGizmo]

Phone number is safe. Emails leaked in other leaks but not facebook.

When are these big companies going to start getting fined for this stuff.

If our details are leaked can't we sue under (UK) GDPR ?