Contributed by: ElyseRomano Friday, December 27 2019 @ 09:36 am
In what is becoming an all-too-familiar headline, a security researcher has discovered an online database containing sensitive personal information belonging to hundreds of millions of Facebook users. Names, phone numbers and unique user IDs were exposed in the breach.
Bob Diachenko first came across the data on December 14, ten days after it was created, and reported the leak on Comparitech. The trove was available for anyone to access without a password or any other form of authentication. Based on evidence he discovered, Diachenko believes the stolen data is most likely the result of an illegal scraping operation or Facebook API abuse by criminals based in Vietnam. The information contained in the database puts users at risk of multiple digital hazards, including SMS spam and phishing campaigns.
Comparitech immediately alerted the internet service provider managing the IP address of the server and as of December 19, the data is no longer available. However, Diachenko says the data is also available as a download on a hacker forum. In total, 267,140,436 records were exposed, primarily from users in the United States.
Diachenko reportedly did not share the database with Facebook. The social network released a vague statement but has not directly confirmed the finding.
"We are looking into this issue, but believe this is likely information obtained before changes we made in the past few years to better protect people's information," a Facebook spokesperson told Engadget.
This is far from the only instance of a privacy mishap from Facebook. Records from over 400 million Facebook users were discovered on an insecure server in September 2019. Photos of 6.8 million Facebook users were exposed by a software bug in December 2018. A data breach in September 2018 saw 50 million users have their accounts compromised by an unknown attacker.
Following this latest data leak, Diachenko says Facebook users should be wary of any unsolicited text messages, even if the sender knows their name or other personal details. Users are advised to adjust their account privacy settings by setting all relevant fields to “Friends” or “Only Me.” Diachenko also suggests setting “Do you want search engines outside of Facebook to link to your profile?” to “No.” These changes can minimize the chances of a profile being scraped by third parties.
These ongoing privacy blunders raise questions about whether Facebook is doing enough to protect the data of users. They are also reminders that users should be cautious about the information they choose to share online, whether on a social network, a forum or a dating service.