533 Million Facebook User Records Posted Online

         

engine

8:23 am on Apr 5, 2021 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



533 million user data records are posted online, and they include phone numbers, Facebook IDs, full names, and dates of birth, along with gender, location and job status.

A Facebook spokesperson told Insider that the data was scraped due to a vulnerability that the company patched in 2019.

"A database of that size containing the private information such as phone numbers of a lot of Facebook's users would certainly lead to bad actors taking advantage of the data to perform social engineering attacks [or] hacking attempts,"

[businessinsider.com...]

Earlier stories
Report: 270 Million Facebook User Details Leaked [webmasterworld.com]
Facebook, App Devs Left 540 Million Users' Data Exposed [webmasterworld.com]
419 Million Facebook User Phone Numbers Found Online [webmasterworld.com]

thecoalman

1:10 pm on Apr 5, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



It's amazing the information people will just hand over.. I run a forum and I have had people give me all kinds of information without even asking for it. Then I gently point them to the section on my site telling them not to post personal details and why. It's also listed on the registration page and they still do it.

People are clueless. I work part time at a bike shop and the one bike mechanic mentioned the one customer was not happy with X brand because they started getting bombed by email from them after viewing their site. He then went on to explain how they obtained the email address from the IP. <sigh>

JorgeV

1:39 pm on Apr 5, 2021 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month



Hello,

It's amazing the information people will just hand over

Indeed. I do not have a Facebook account, but I assume that giving your name, DOB and a phone number is mandatory to open an account, isn't it? I do have a Twitter account, and I've been forced to add a phone number. And there are more and more places where it becomes mandatory, for security purposes (double authentication), but the day they are hacked, all this information is in the wild ...

I run a forum and I have had people give me all kinds of information without even asking for it.

Yes! I have some people posting their real name (whereas there is no need), and posting their address or phone numbers! I spend more time cleaning this than cleaning spam!

engine

3:21 pm on Apr 5, 2021 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



It's amazing the information people will just hand over..


Yes, and you would have thought people would learn by now. Eventually they'll get it, but not until after it's been compromised and abused.

I assume that giving your name, DOB and a phone number is mandatory to open an account, isn't it?


Yes, but you can hide it so it's only on the system. That's where it goes seriously wrong if the data is more than scraped.

Even creating a simple clone of a user account can fool people into thinking it's the actual person who is their friend on their list. It's then that they start extracting their details.

londrum

6:34 pm on Apr 5, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



the last time i tried to open a facebook account they insisted i email over a digital photograph of my face... this was on top of a phone number and everything else.
i am just about all right with handing over my phone number, but a photograph was a step too far for me

iamlost

11:47 pm on Apr 6, 2021 (gmt 0)

engine

9:23 am on Apr 7, 2021 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Wired has a great write-up explaining the FUD around this. It appears it's new, and not connected to the other breaches around that time.
“At what point did Facebook say, ‘We had a bug in our system, and we added a fix, and therefore users might be affected’?” says former Federal Trade Commission chief technologist Ashkan Soltani. “I don't remember ever seeing Facebook say that. And they’re kind of stuck now, because they apparently didn’t do any disclosure or notification.”


[wired.com...]

It just goes to show that FB is a treasure trove of data for bad actors!

engine

10:36 am on Apr 8, 2021 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



It seems a little odd that Facebook has said it has no plans to notify these users affected by this incident.
The Facebook spokesman said the social media company was not confident it had full visibility on which users would need to be notified. He said it also took into account that users could not fix the issue and that the data was publicly available in deciding not to notify users. Facebook has said it plugged the hole after identifying the problem at the time.

[reuters.com...]

JS_Harris

12:41 pm on Apr 8, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I found out about this on this forum and it happened how long ago? The less is out there about you the better. That's going to prove difficult moving forward with the new "Digital ID" systems being launched in Canada, the US and the EU, assuming they gain traction for mandatory use.

In Ontario, Canada the new "digital ID wallet" is being issued which can contain ALL of a person's data from birth certificate to medical records to employment records, marriage certificates, driver's license, social media profiles etc.... Basically it contains your everything and has little to do with covid it seems.

Official Gov of Ontario Source - [ontario.ca...]

How hard would it be to jump from this ID into social credit scores with limits and restrictions based on your score? "Sorry, you're a bit low for this job" etc. Add that on top of privacy concerns and it's time to talk.

engine

1:25 pm on Apr 8, 2021 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



I found out about this on this forum and it happened how long ago?


It's interesting that it's only just come to light, having occurred in 2019.

The less is out there about you the better. That's going to prove difficult moving forward with the new "Digital ID" systems being launched in Canada, the US and the EU, assuming they gain traction for mandatory use.


I completely agree. They really have to get security 100%, imho, and I'm not sure that's possible.

I have noticed a trend where businesses are asking for ID which includes D.O.B. as one of the confirmatory factors. It goes to show that with only a few key facts a bad actor can do quite a few things.

lucy24

3:46 pm on Apr 8, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



In the venue where I first heard about this*, they felt obliged to point out that FB immediately said it’s nothing to worry about, because this is old data that was already breached ages ago. With the inevitable reply: Oh. Well, that’s all right then. Nothing to worry about.

* Yes, all right, it was one of the late-night comedy shows.

Nabi

4:30 am on Apr 9, 2021 (gmt 0)

5+ Year Member



Indeed either people are indifferent or they do not know the consequence of giving personal information. There are many hacker groups blackmailing the targeted users by collecting personal information of the users. So all need to be careful. It is important for the operators of different social media platforms to notify and make aware the people of the harmful effect of giving personal information. Thanks for important topics mentioned for discussion.

superclown2

3:28 pm on Apr 9, 2021 (gmt 0)



I'm amazed that more of a fuss is not being made of this.

My partner has a facebook account. She is now being bombarded with text messages sent to her mobile phone from scammers telling her her parcel cannot be delivered but if she confirms her address and pays a small fee (by credit card of course) she can have it tomorrow. Some of these look very convincing indeed.

So; every scammer on earth has names, phone numbers, login details (which are probably used for countless other sites) and email addresses for millions of people. Get their addresses and credit card details too and their bank accounts can be emptied.

We have the potential for massive losses to fraudsters for millions of people. And who is to blame? I foresee huge class action suits against Facebook and I seriously wonder if it will survive.

blend27

1:01 pm on Apr 10, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



No facebook, no twitter, no gmail, no nothing..

.. just pure Geekness and still pretty much alive watching a show on Animal Planet about Penguins!

The weird part is folks look at you like you are from a-planet and part of a-team when you 'doont' have one of those...

JS_Harris

2:15 pm on Apr 11, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



- Close any accounts you don't use
- Limit information you provide
- Never re-use passwords

It's tried and true advice that might be even more important to remember as governments are rolling out new digital ID systems containing even more of your info.

JorgeV

4:14 pm on Apr 11, 2021 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month



Hello,

- Close any accounts you don't use

Indeed, "but". You know, Internet giants are never deleting your information, even after you closed your account. Also, I think that only European citizens can request the information to be "really" deleted, without proof this information will effectively be deleted. Just to say that, even after closing your account, your information can still be retrieved by hackers...

The Facebook Phone Numbers Are Now Searchable in Have I Been Pwned

I wonder how HIBP is storing all the leaked data ... imagine, if the site is hacked one day, and ALL the data (previously leaked) available in one piece.

jmccormac

11:22 pm on Apr 15, 2021 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I wonder how HIBP is storing all the leaked data

Probably as hashed data rather than plaintext.

Regards...jmcc