TechCrunch: WhatsApp resolves issue that exposed some users’ phone numbers in Google search results

TechCrunch: WhatsApp resolves issue that exposed some users’ phone numbers in Google search results. “WhatsApp has resolved an issue that caused phone numbers of some of its users to appear in Google search results. The fix comes days after a researcher revealed that the phone number of WhatsApp users who created a simplified link to allow others to chat with them or join a group appeared in search results.”

Tom’s Guide: WhatsApp can reveal your phone number in Google searches — how to protect yours

Tom’s Guide: WhatsApp can reveal your phone number in Google searches — how to protect yours. “Security researcher Athul Jayaram contacted the security-news site Threatpost last week to report that he did a site-specific Google search for numbers on a WhatsApp-owned domain and thousands of phone numbers popped up.”

The Register: Twitter says a certain someone tried to discover the phone numbers used by potentially millions of twits

The Register: Twitter says a certain someone tried to discover the phone numbers used by potentially millions of twits. “Twitter has admitted a flaw in its backend systems was exploited to discover the cellphone numbers of potentially millions of twits en masse, which could lead to their de-anonymization.”

TechCrunch: A Twitter app bug was used to match 17 million phone numbers to user accounts

TechCrunch: A Twitter app bug was used to match 17 million phone numbers to user accounts. “A security researcher said he has matched 17 million phone numbers to Twitter user accounts by exploiting a flaw in Twitter’s Android app. Ibrahim Balic found that it was possible to upload entire lists of generated phone numbers through Twitter’s contacts upload feature. ‘If you upload your phone number, it fetches user data in return,’ he told TechCrunch.”

CNET: Facebook will stop using two-factor authentication phone numbers for friend suggestions

CNET: Facebook will stop using two-factor authentication phone numbers for friend suggestions. “Facebook will stop the practice of using phone numbers meant for two-factor authentication to suggest friends you may know. The move is part of the company’s efforts to clean up its privacy practices. Reuters reported the change on Thursday, which Facebook confirmed.”

Yahoo! Groups’ closure and a tale of Oftel: Die-hard users ‘informally’ included telcos (The Register)

The Register: Yahoo! Groups’ closure and a tale of Oftel: Die-hard users ‘informally’ included telcos. “The tossing away of user-generated content on Yahoo!’s long-running Groups site on Wednesday was not just bad news for all the hardcore users who are about to lose all their precious things stored there. Many were quick to point at telcos, who were using Yahoo! Groups to manage phone number assignments.” WOW.

CNET: Twitter misused security information for advertising purposes

CNET: Twitter misused security information for advertising purposes. “A Twitter security feature may’ve wound up costing people their data privacy, the company said in a statement Tuesday. Twitter said it recently discovered that email addresses and phone numbers meant to be used for security ‘may have inadvertently been used for advertising purposes.'”

TechCrunch: A huge database of Facebook users’ phone numbers found online

TechCrunch: A huge database of Facebook users’ phone numbers found online. “Hundreds of millions of phone numbers linked to Facebook accounts have been found online. The exposed server contained more than 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam.”

The Next Web: Google listed the wrong number for its product hotline, nobody noticed

The Next Web: Google listed the wrong number for its product hotline, nobody noticed. “Not so long ago, Google set up a consultation hotline in case you needed to be convinced why your home needs a smart speaker – or any other smart device. But if you were wondering why nobody was picking up the phone, don’t worry, it wasn’t personal: the Big G had listed the wrong number on product pages for months.”

MakeUseOf: 6 Ways to Find All Accounts Linked to Your Email Address or Phone Number

MakeUseOf: 6 Ways to Find All Accounts Linked to Your Email Address or Phone Number. “From the dial-up days till now, most of us have signed up for a countless number of online accounts. But we barely log in to even half of them today. Now, the email address or a phone number you surrendered for registration can be misused. It’s time to ask yourself—’How do I find all accounts linked to my email address?'”

Bellingcat: Using Phone Contact Book Apps For Digital Research

Bellingcat: Using Phone Contact Book Apps For Digital Research. “Popular apps such as TrueCaller or GetContact advertise the ability to see who is really calling you, even if you do not know the number, and alert the app user of spam or scam calls. However, the way that these apps gather information to determine the name of an unknown caller is not as broadly advertised.”

BetaNews: If you’ve added your phone number to Facebook for 2FA security, it can be used to search for you

BetaNews: If you’ve added your phone number to Facebook for 2FA security, it can be used to search for you. “You may well have opted to maintain an element of privacy by omitting personal information such as your address and phone number from your profile. But if you’ve used your mobile number to secure your account with 2FA, even if it is not visible to others, it can still be used to search for you — and there is no way to opt out of this.”

Ars Technica: Comcast set mobile pins to “0000,” helping attackers steal phone numbers

Ars Technica: Comcast set mobile pins to “0000,” helping attackers steal phone numbers. “To port a phone line from Comcast to another wireless carrier, a customer needs to know his or her Comcast mobile account number. Carriers generally use PINs to verify that a customer seeking to port a number actually owns the number. But Comcast reportedly set the PIN to 0000 for all its customers, and there was apparently no way for customers to change it. That means that an attacker who acquired a victim’s Comcast account number could easily port the victim’s phone number to another carrier.”

Motherboard: Hundreds of Bounty Hunters Had Access to AT&T, T-Mobile, and Sprint Customer Location Data for Years

Motherboard: Hundreds of Bounty Hunters Had Access to AT&T, T-Mobile, and Sprint Customer Location Data for Years. “Around 250 bounty hunters and related businesses had access to AT&T, T-Mobile, and Sprint customer location data, with one bail bond firm using the phone location service more than 18,000 times, and others using it thousands or tens of thousands of times, according to internal documents obtained by Motherboard from a company called CerCareOne, a now-defunct location data seller that operated until 2017. The documents list not only the companies that had access to the data, but specific phone numbers that were pinged by those companies.”

Motherboard: How to Protect Yourself From SIM Swapping Hacks

Motherboard: How to Protect Yourself From SIM Swapping Hacks. “Criminal hackers have been targeting Instagram users with short or unique usernames, as well as people who own Bitcoin. To steal the victim’s accounts or cryptocurrencies, the hackers first seize the cell phone numbers of targets, which gives them the ability to reset passwords on any account linked to a given number. This kind of hack is what’s called a port out scam—an expression derived from the concept of porting a number from one carrier to another—and is also known as SIM swapping or hijacking.”