Facebook 2019 Leak (Mobile phone numbers, profile information)

Soldato
Joined
17 Aug 2009
Posts
9,233
Ah, but where do they store it? Is there an assurance that they don't?

Serious question BTW.

Well they assure you they don't.

Searching for an email address or phone number only ever retrieves the data from storage then returns it in the response, the searched data is never explicitly stored anywhere. See the Logging section below for situations in which it may be implicitly stored.

https://haveibeenpwned.com/Privacy

Then it's up to you if you believe that or not.
 
Associate
Joined
1 Sep 2004
Posts
666
Location
Kent
Believe this was not a breach, someone simply created a list of all possible phone numbers - then asked FB if their friends were on FB
 
Soldato
Joined
12 Jul 2007
Posts
6,612
Location
Norfolk.
Phone is safe but two of my "burner" e-mails - only used to sign up for stuff - are leaked across 3-4 companies which I'm not all that fussed about.
 
Soldato
Joined
22 Oct 2002
Posts
7,382
Location
Near Cheltenham
Would be funny if haveibeenpwned.com experienced a similar breach, should we really be putting information we want to remain private into that website?

People should always be aware of where they enter their data.. We had a huge push on phishing training in work and the irony of the training company actually breaching their own training on phishing was priceless..

The sad fact is, entering your phone number and/or email address is just allowing a private individual to mine it if they so wish..

It's like password managers, VPNs, Proxies, etc, etc.. don't think for one minute they aren't a great attack vector for nefarious people..
 
Soldato
Joined
6 Jan 2013
Posts
18,440
It's like password managers, VPNs, Proxies, etc, etc.. don't think for one minute they aren't a great attack vector for nefarious people..

Yes, agreed. I use Chrome to generate and store a random password every time I do a new sign up. This means that nobody actually knows my password, not even me. All accounts are backed by 2fa where possible.
 
Soldato
Joined
22 Oct 2002
Posts
7,382
Location
Near Cheltenham
Yes, agreed. I use Chrome to generate and store a random password every time I do a new sign up. This means that nobody actually knows my password, not even me. All accounts are backed by 2fa where possible.

It's a head do-er, for convenience I was putting in my TOTP 2FA in my password manager rather than a different app.. then I realised I'd actually ended up storing all my data in one place, so not only would anyone hacking that have my password, but also my 2FA all neatly bundled for them.. DOH!

Basically it's like trading convenience for security.. I'm still a bit vulnerable as I've not moved all 2FA mechanisms to different apps yet..
 
Soldato
Joined
24 Jan 2007
Posts
3,375
Location
Bristol
People should always be aware of where they enter their data.. We had a huge push on phishing training in work and the irony of the training company actually breaching their own training on phishing was priceless..

The sad fact is, entering your phone number and/or email address is just allowing a private individual to mine it if they so wish..

It's like password managers, VPNs, Proxies, etc, etc.. don't think for one minute they aren't a great attack vector for nefarious people..

This is a fair point.

What irritates me is Facebook constantly pushes for more information like your phone number. I no longer use the app, but remember it previously being very in your face with constant "GIVE US YOUR PHONE NUMBER BECAUSE SECURITY" type notifications and splash screens.

:-/
 
Soldato
Joined
16 Aug 2009
Posts
6,483
People should always be aware of where they enter their data.. We had a huge push on phishing training in work and the irony of the training company actually breaching their own training on phishing was priceless..

The sad fact is, entering your phone number and/or email address is just allowing a private individual to mine it if they so wish..

It's like password managers, VPNs, Proxies, etc, etc.. don't think for one minute they aren't a great attack vector for nefarious people..

It's not just being silly giving email addresses willy-nilly, it's what should be legit companies who can compromise you. For example, I bought some stuff from Amazon, or rather a 3rd party marketplace seller, for some household blinds, but when you do they get your email address from Amazon, and I'm pretty sure they've passed on my email to some other companies, and I certainly didn't see any option to opt out of marketing/passing on details.

Got a strange email this morning from someone called Casa Contracts asking me to send some details via an encrypted link for a quote... wtf I thought... well it seems they're a legit company but I sure as hell didn't ask for any quotes for supplying office furniture. Another one for the blocked list, but if this is going to happen every time I purchase via Amazon it's going to have to go on a burner account, and I'm pretty sure whenever you pay for anything via PayPal it gives your email to whoever the recipient may be too.
 
Soldato
Joined
17 Jan 2016
Posts
6,617
Phone number is safe. Emails leaked in other leaks but not Facebook.

When are these big companies going to start getting fined for this stuff?

If our details are leaked can't we sue under (UK) GDPR?
 