Thanks to a two-year-old leak of account details, thousands of sensitive users’ mobile numbers can now be looked up and exploited with Facebook bearing little consequence.
Thanks to Facebook’s leak of 1.5m Irish account details, it took me about 30 minutes to find the mobile numbers of almost everyone I know.
And plenty of people I don’t know, but who are public figures or who work in potentially sensitive jobs.
Judges. Gardai. Prison officers. Teachers. Womens’ shelter managers.
The Facebook leak of 533m people worldwide — including 1.5m Irish people is a stalker’s paradise.
It has almost 1.5m Irish mobile numbers, searchable against a person’s full name or occupation. In many cases, there’s additional information such as the person’s location or employer.
So; noticed any uptick in spammy or scammy phone calls lately? Or maybe you wondered how someone you don’t know, someone you wouldn’t have welcomed contact from, got your mobile number?
There’s a good change it’s related to the Facebook hack.
As soon as I downloaded this file (don’t ask me to post a link as that’s too close to an act of doxxing — but believe me when I tell you that it took about a 15 minute search, starting with Google), I checked my own name first, as it’s an unusual name.
Yep — right mobile, right details.
Then I checked those of journalistic colleagues. Yep, right again.
Then some public figures. Yep.
And so on.
This is an unofficial, fully searchable list of about a third of Ireland’s mobile phone numbers
The Irish Data Protection Commissioner says it’s on the case, but points out that this was a leak in early 2019 before the full effect of the GDPR came in.
Translation? Facebook won’t face any real consequences for this.
But now we all have a problem. Once a data file is leaked and published like this, it reappears again and again.
Normally, the advice is ‘change your passwords’. Fine — but our mobile numbers? We don’t change those every year. Most of us don’t change them in five or ten years.
So by all means, go ahead and change your email password again (you should be doing that regularly anyway, or using a password manager such as Lastpass or 1Password).
But it won’t make a difference to the leak of your mobile number.
That’s now out in the wild for anyone who wants to look up and use.
It’s a treasure trove for stalkers, spammers, scammers and a host of other unscrupulous figures.