In 2018, we reported Cambridge Analytica, a data breach that showed the personal information of about 50 million Facebook users had been obtained without their consent or permission and used for unethical targeted campaign ads.
Following the data breach, one user conducted a survey showing that Facebook regularly harvests data from users’ phones, such as phone calls, text messages, and deleted call logs. Several users who downloaded their Facebook data reported the same experience.
On April 6, 2020, Forbes, CNN, and nearly every reputable media agency reported a data breach more than ten times that size. Another data breach has compromised the name, birthday, location, phone numbers, and email addresses of more than half a billion Facebook users.
According to cybersecurity experts, hackers can do considerably serious damage with this data, e.g., identity theft. Because the humongous data set is publicly available, this breach exposes affected Facebook users to scams, unsolicited phone calls, and messages from telemarketers, robots, and scammers.
Users who have received texts or phone calls from unknown callers recently can perform a phone number search to unmask the callers’ identity. By searching through the registries of carrier services, the phone search service identifies the person or business on the other end.
Users can take it one step further by adding their number to the federal do not call registry or the registry that their state maintains. After taking this measure, a telemarketer cannot contact you, but you may still receive texts and calls from scammers and unscrupulous marketers.
In a blog post, Facebook claimed that the breach was old and occurred in 2019. The public and government officials have criticized the social media giant for concealing and downplaying the data breach.
“Regardless of whether Facebook identified and fixed this issue in 2019, it failed to ever disclose this serious breach to impacted users,” said Sen. Mark R. Warner (D-Va.). You cannot simply brush away the disclosure of over half a billion Facebook users’ personal information.”
A data breach advice site has reported that the breach affected more phone numbers than emails. Concerned Facebook users can check if they are affected.
Facebook has suggested that users enable two-factor authentication to add an extra layer of security to their accounts. While experts laud this as a good idea, TechCrunch noted that providing phone numbers for 2FA – as is standard practice – remains risky.
Given Facebook’s notoriety for data breaches, a better alternative is to use security keys and third-party authentication apps for 2FA. This way, users get the extra layer of protection without giving Facebook their mobile number. Although Facebook has admitted to using 2FA digits for ad targeting, this option is much better than providing mobile phone numbers.