Facebook hacked on Dec 12th 2019

  • Thread starter Thread starter Evo
  • Start date Start date
Click For Summary

Discussion Overview

The discussion centers around a data breach involving Facebook that occurred on December 12, 2019, where the personal data of 267 million users was exposed. Participants explore the implications of this breach, share personal experiences related to data security, and discuss the practices of social media platforms regarding personal information requirements.

Discussion Character

  • Debate/contested
  • Technical explanation
  • Conceptual clarification
  • Meta-discussion

Main Points Raised

  • Some participants report that a database containing names, phone numbers, and Facebook IDs was discovered on a hacker forum, raising concerns about data security.
  • Several users express skepticism about the necessity of providing personal information, such as phone numbers, to social media platforms like Twitter and Facebook.
  • One participant shares a personal experience of receiving suspicious calls, linking it to the Facebook breach, and questions the security of personal data on social media.
  • There are conflicting views on whether Twitter requires a phone number for account creation, with some asserting it is mandatory for new users while others claim it is not necessary if signing up via email.
  • Participants discuss the pressure from Facebook to provide phone numbers for account recovery, with warnings against sharing such information.
  • Some users mention receiving alerts from security services regarding their information appearing on the dark web, further emphasizing the risks associated with data breaches.

Areas of Agreement / Disagreement

Participants express a range of opinions on the security practices of social media platforms, particularly regarding the requirement of phone numbers. There is no consensus on whether these practices are justified or if they effectively protect user data.

Contextual Notes

Participants reference personal experiences and alerts from security services, indicating a reliance on external notifications for awareness of breaches. There is uncertainty about the specific requirements for account creation on Twitter and Facebook, as well as the implications of sharing personal information.

  • #31
sysprog said:
Are you maybe allowed to use another voip service, such as Talkatone, or a proxy phone number app, such as Burner?
Neither of them is available in my country.

Anyways, I removed the phone number from Twitter, as mentioned in post #21. They haven't blocked my account yet.
 
Computer science news on Phys.org
  • #32
fluidistic said:
China's crackers exploit which bypassed 2FA

Details of exactly what happened in this hack are scant, but it seems to be a nation state attack, meticulously planned and executed, with the 2FA bypass allegedly done via a stolen RSA SecureID software token taking advantage of a related exploit in the 2FA code.

The security implications for 2FA in the general sense are unclear but it seems likely this is a fixable flaw. It's also not a general fault with 2FA, in the sense that a single exploit undermines it.
 
  • #33
Wrichik Basu said:
Neither of them is available in my country.

Anyways, I removed the phone number from Twitter, as mentioned in post #21. They haven't blocked my account yet.
They still have it in their database and if your phone number is leaking anywhere on the web or to any other tech giant, chances are twitter could get it.
 
  • #34
fluidistic said:
They still have it in their database and if your phone number is leaking anywhere on the web or to any other tech giant, chances are twitter could get it.
Even if they have it, I can't do anything about it. While signing up, you are compulsorily required to provide a phone number.
 
  • #35
OmCheeto said:
:headbang:
Today I received a bank debit card in the mail, with my address, and someone else's name, with a bank I had an open credit card (>$10k available) account with.

Just got off the phone with the second customer service rep.
She and the previous rep were both delightful.

It appears that I have to go to my local branch on Monday, with the physical evidence, to kind of prove that I'm neither a kook, nor senile, for the most part.

Wait a minute. I was just online, and I didn't have a savings nor checking account, and my mortgage account was closed months ago...

So I've just closed the last account with that bank, and they're going to look at me on Monday, like I'm some sort of kook.

hmmmm...
Good grief, have you looked up the name on the card to see if you find someone, by chance? They should know (if it's a legitimate bank error) that their debit card was sent to someone else! I'm sure the bank isn't going to tell them. The person might be listed in LinkedIn if they're employed. They might even be found on FB. I wouldn't contact them, but it would be interesting.

Boy, my email address had quite an active (and unsavory) life after yahoo was first hacked, my email address was sold on the "dark web" and some idiot ( I was actually able to find out the name and address of the moron that bought it because they weren't the brightest bulb). Geeze. The places my email address went and the things that were tried (and some done) with it. Since it was a fake email I had created, fake person, fake location, I wasn't concerned with closing the account and every time it was used, I'd get the confirming email back requesting verification, or I'd get a copy of what had been done with one of the websites that is very well known that allowed the moron to post unbelievable stuff and never tried to verify that it was legitimate. Anyway, I was on porn sites, BAD sites, all kinds of sites, I drove the moron nuts by shutting down his accounts until he gave up trying to use my email address. The porn sites were before the moron bought it for his personal use, no idea who that was, I never opened those emails, I seemed pretty popular, well, the poor fictional person linked to the email address was popular.
 
  • #36
Evo said:
Good grief, have you looked up the name on the card to see if you find someone, by chance? They should know (if it's a legitimate bank error) that their debit card was sent to someone else! I'm sure the bank isn't going to tell them. The person might be listed in LinkedIn if they're employed. They might even be found on FB. I wouldn't contact them, but it would be interesting.
I just spent the last 1.5 hours going through Mr. Mightbeaperp's FB page.
His name is unique enough, 104 Google matches, that I'm confident this is the same person.
I've decided that it's possible that he and I are both targets, or that he may be the only target, and I'm just an unwitting accomplice, as, I replaced my mailbox on Christmas day, as the door on my old one had fallen off a couple of months ago, and any cranker riding by on a bicycle could snatch anything inside, with the greatest of ease.

Actually, I think I may have met the perp. Someone knocked on my door yesterday afternoon, and asked whose truck was parked across the street. I gave him a vague answer, and he left.

Boy, my email address had quite an active (and unsavory) life ...
:oldlaugh:
I'm not sure how I would handle that, if my email ended up having a more interesting life than I've had.
 
  • Haha
Likes   Reactions: Evo