The Target: Facebook, the social media giant.
The take: 419 million records which contained user’s unique Facebook ID and their associated phone numbers, as well as names, gender and country.
The attack vector: A server containing the data was left unsecured and publicly accessible. Facebook justified the security breach by explaining that the records were ‘old’, and believe that the user accounts in question were not compromised as a result of the breach.
Data breaches are a liability, regardless of whether or not the leaked data is in its most current form. Backups, replicates, and otherwise non-production datasets must be protected with the same encryption and protections to prevent the loss of sensitive information.