Many developers use the Facebook Login API to authenticate users to their apps. Depending on what type of data the user allows, developers can access information such as contact details or the things you like, and store it on their own servers.
There's no problem with that feature as provided by Facebook; the risk depends on who the developer is. Some apps genuinely need certain data, such as a contact number, to work properly. Other apps don't actually need it, but users grant read permission to that information on the authentication page without thinking about their privacy.
This data leak case is a little different. Recently a security researcher discovered that the database in which those contacts and other Facebook-related data were stored was not password protected, so the server was pretty much exposed.
Along with contact numbers, this database held other information such as Facebook IDs, names, gender and countries. It included 133 million records from the USA, 18 million from the UK and 50 million from Vietnam.
Facebook said that the data on the server is old and that it was scraped before Facebook cut off the feature that allowed its users to be found by their phone numbers.
But there's a high possibility that some of them are still using the same old contact number. These days, it's not rocket science for hackers to use those exposed contact numbers for various types of malicious activity inside and outside Facebook.
So whenever you authenticate using sites like Facebook, Twitter or Google, check the data you are providing. If you see something suspicious, uncheck that data or stop authenticating on that site.